2017-01-12
ALT-BU-2017-2873-2
Branch sisyphus update bulletin.
Closed bugs
cp: cannot create hard link
Closed vulnerabilities
Published: 2015-04-28
Modified: 2024-07-05
Modified: 2024-07-05
BDU:2015-04302
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04303
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04304
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-04305
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06328
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06329
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06330
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06331
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06332
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06333
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06334
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2016-11-28
Modified: 2016-11-28
BDU:2015-06335
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2015-04-28
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2015-09787
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2014-06-05
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-3467
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0247.html
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0596.html
- http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0594.html
- http://rhn.redhat.com/errata/RHSA-2014-0596.html
- http://rhn.redhat.com/errata/RHSA-2014-0687.html
- http://rhn.redhat.com/errata/RHSA-2014-0815.html
- http://secunia.com/advisories/58591
- http://secunia.com/advisories/58614
- http://secunia.com/advisories/59021
- http://secunia.com/advisories/59057
- http://secunia.com/advisories/59408
- http://secunia.com/advisories/60320
- http://secunia.com/advisories/60415
- http://secunia.com/advisories/61888
- http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html
- http://www.debian.org/security/2014/dsa-3056
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
- http://www.novell.com/support/kb/doc.php?id=7015302
- http://www.novell.com/support/kb/doc.php?id=7015303
- https://bugzilla.redhat.com/show_bug.cgi?id=1102022
- http://advisories.mageia.org/MGASA-2014-0247.html
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0596.html
- http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0594.html
- http://rhn.redhat.com/errata/RHSA-2014-0596.html
- http://rhn.redhat.com/errata/RHSA-2014-0687.html
- http://rhn.redhat.com/errata/RHSA-2014-0815.html
- http://secunia.com/advisories/58591
- http://secunia.com/advisories/58614
- http://secunia.com/advisories/59021
- http://secunia.com/advisories/59057
- http://secunia.com/advisories/59408
- http://secunia.com/advisories/60320
- http://secunia.com/advisories/60415
- http://secunia.com/advisories/61888
- http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html
- http://www.debian.org/security/2014/dsa-3056
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
- http://www.novell.com/support/kb/doc.php?id=7015302
- http://www.novell.com/support/kb/doc.php?id=7015303
- https://bugzilla.redhat.com/show_bug.cgi?id=1102022
Published: 2014-06-05
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0247.html
- http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0596.html
- http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0594.html
- http://rhn.redhat.com/errata/RHSA-2014-0596.html
- http://rhn.redhat.com/errata/RHSA-2014-0687.html
- http://rhn.redhat.com/errata/RHSA-2014-0815.html
- http://secunia.com/advisories/58591
- http://secunia.com/advisories/58614
- http://secunia.com/advisories/59021
- http://secunia.com/advisories/59057
- http://secunia.com/advisories/59408
- http://secunia.com/advisories/60320
- http://secunia.com/advisories/60415
- http://secunia.com/advisories/61888
- http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html
- http://www.debian.org/security/2014/dsa-3056
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
- http://www.novell.com/support/kb/doc.php?id=7015302
- http://www.novell.com/support/kb/doc.php?id=7015303
- https://bugzilla.redhat.com/show_bug.cgi?id=1102323
- http://advisories.mageia.org/MGASA-2014-0247.html
- http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0596.html
- http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0594.html
- http://rhn.redhat.com/errata/RHSA-2014-0596.html
- http://rhn.redhat.com/errata/RHSA-2014-0687.html
- http://rhn.redhat.com/errata/RHSA-2014-0815.html
- http://secunia.com/advisories/58591
- http://secunia.com/advisories/58614
- http://secunia.com/advisories/59021
- http://secunia.com/advisories/59057
- http://secunia.com/advisories/59408
- http://secunia.com/advisories/60320
- http://secunia.com/advisories/60415
- http://secunia.com/advisories/61888
- http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html
- http://www.debian.org/security/2014/dsa-3056
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
- http://www.novell.com/support/kb/doc.php?id=7015302
- http://www.novell.com/support/kb/doc.php?id=7015303
- https://bugzilla.redhat.com/show_bug.cgi?id=1102323
Published: 2014-06-05
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
- http://advisories.mageia.org/MGASA-2014-0247.html
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0596.html
- http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0594.html
- http://rhn.redhat.com/errata/RHSA-2014-0596.html
- http://rhn.redhat.com/errata/RHSA-2014-0687.html
- http://rhn.redhat.com/errata/RHSA-2014-0815.html
- http://secunia.com/advisories/58591
- http://secunia.com/advisories/58614
- http://secunia.com/advisories/59021
- http://secunia.com/advisories/59057
- http://secunia.com/advisories/59408
- http://secunia.com/advisories/60320
- http://secunia.com/advisories/60415
- http://secunia.com/advisories/61888
- http://www.debian.org/security/2014/dsa-3056
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
- http://www.novell.com/support/kb/doc.php?id=7015302
- http://www.novell.com/support/kb/doc.php?id=7015303
- https://bugzilla.redhat.com/show_bug.cgi?id=1102329
- http://advisories.mageia.org/MGASA-2014-0247.html
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0596.html
- http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0594.html
- http://rhn.redhat.com/errata/RHSA-2014-0596.html
- http://rhn.redhat.com/errata/RHSA-2014-0687.html
- http://rhn.redhat.com/errata/RHSA-2014-0815.html
- http://secunia.com/advisories/58591
- http://secunia.com/advisories/58614
- http://secunia.com/advisories/59021
- http://secunia.com/advisories/59057
- http://secunia.com/advisories/59408
- http://secunia.com/advisories/60320
- http://secunia.com/advisories/60415
- http://secunia.com/advisories/61888
- http://www.debian.org/security/2014/dsa-3056
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
- http://www.novell.com/support/kb/doc.php?id=7015302
- http://www.novell.com/support/kb/doc.php?id=7015303
- https://bugzilla.redhat.com/show_bug.cgi?id=1102329
Closed vulnerabilities
Published: 2015-12-29
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2015-12237
Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2016-04-19
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2016-00941
Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2016-04-19
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2016-00942
Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2015-12-16
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html
- http://rhn.redhat.com/errata/RHSA-2015-2655.html
- http://rhn.redhat.com/errata/RHSA-2015-2656.html
- http://rhn.redhat.com/errata/RHSA-2015-2658.html
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
- http://www.debian.org/security/2015/dsa-3420
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/79349
- http://www.securitytracker.com/id/1034418
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- http://www.ubuntu.com/usn/USN-2837-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
- https://kb.isc.org/article/AA-01317
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html
- http://rhn.redhat.com/errata/RHSA-2015-2655.html
- http://rhn.redhat.com/errata/RHSA-2015-2656.html
- http://rhn.redhat.com/errata/RHSA-2015-2658.html
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
- http://www.debian.org/security/2015/dsa-3420
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/79349
- http://www.securitytracker.com/id/1034418
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- http://www.ubuntu.com/usn/USN-2837-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
- https://kb.isc.org/article/AA-01317
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
Published: 2015-12-16
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8461
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://www.securityfocus.com/bid/79347
- http://www.securitytracker.com/id/1034419
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- https://kb.isc.org/article/AA-01319
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
- http://www.securityfocus.com/bid/79347
- http://www.securitytracker.com/id/1034419
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- https://kb.isc.org/article/AA-01319
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
Published: 2016-03-09
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.8)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035236
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01352
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035236
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01352
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
Published: 2016-03-09
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-1286
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035237
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01353
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
- http://marc.info/?l=bugtraq&m=146191105921542&w=2
- http://rhn.redhat.com/errata/RHSA-2016-0562.html
- http://rhn.redhat.com/errata/RHSA-2016-0601.html
- http://www.debian.org/security/2016/dsa-3511
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1035237
- http://www.ubuntu.com/usn/USN-2925-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
- https://kb.isc.org/article/AA-01353
- https://kb.isc.org/article/AA-01380
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
- https://security.gentoo.org/glsa/201610-07
Published: 2019-01-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.9)Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
- http://www.securityfocus.com/bid/96150
- http://www.securitytracker.com/id/1037801
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://kb.isc.org/docs/aa-01453
- https://security.gentoo.org/glsa/201708-01
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://www.debian.org/security/2017/dsa-3795
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
- http://www.securityfocus.com/bid/96150
- http://www.securitytracker.com/id/1037801
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://kb.isc.org/docs/aa-01453
- https://security.gentoo.org/glsa/201708-01
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://www.debian.org/security/2017/dsa-3795