[OpenIndiana-discuss] New bind CVE

cpforum cpforum at orange.fr
Thu Jan 12 20:25:00 UTC 2017


Hi,

Current OI hipster bind package should be updated to 9.10.4-P5.
critical CVE affect the 9.10.4-P4 current version.

see 11/01/2017 CVE https://www.isc.org/downloads/software-support-policy/security-advisory/

CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
CVE: [...]
Wed, Jan 11, 2017
Source: BIND Security Advisory

CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE: [...]
Wed, Jan 11, 2017
Source: BIND Security Advisory

CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
CVE: [...]
Wed, Jan 11, 2017
Source: BIND Security Advisory

CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
CVE: [...]
Wed, Jan 11, 2017
Source: BIND Security Advisory





More information about the openindiana-discuss mailing list