[OpenIndiana-discuss] New bind CVE
Aurélien Larcher
aurelien.larcher at gmail.com
Thu Jan 12 20:33:19 UTC 2017
https://github.com/OpenIndiana/oi-userland/commit/b0bae2b93ae255a5f876af2e0442e00ea3d62f7c
On Thu, Jan 12, 2017 at 9:25 PM, cpforum <cpforum at orange.fr> wrote:
> Hi,
>
> Current OI hipster bind package should be updated to 9.10.4-P5.
> critical CVE affect the 9.10.4-P4 current version.
>
> see 11/01/2017 CVE https://www.isc.org/downloads/software-support-policy/
> security-advisory/
>
> CVE-2016-9131: A malformed response to an ANY query can cause an assertion
> failure during recursion
> CVE: [...]
> Wed, Jan 11, 2017
> Source: BIND Security Advisory
>
> CVE-2016-9147: An error handling a query response containing inconsistent
> DNSSEC information could cause an assertion failure
> CVE: [...]
> Wed, Jan 11, 2017
> Source: BIND Security Advisory
>
> CVE-2016-9444: An unusually-formed DS record response could cause an
> assertion failure
> CVE: [...]
> Wed, Jan 11, 2017
> Source: BIND Security Advisory
>
> CVE-2016-9778: An error handling certain queries using the
> nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
> CVE: [...]
> Wed, Jan 11, 2017
> Source: BIND Security Advisory
>
>
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>
--
---
Praise the Caffeine embeddings
More information about the openindiana-discuss
mailing list