ALT Linux Team

Package bind update in sisyphus on 2015-07-29

ALT-PU-2015-1641-1

Package bind updated to version 9.9.7-alt2 for branch sisyphus in task 146801.

Closed vulnerabilities

Published: 2015-12-08

BDU:2015-12237

Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.1)
References:
Published: 2016-03-10

BDU:2016-00941

Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2016-03-10

BDU:2016-00942

Уязвимость сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-8500

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

Severity: HIGH (7.8)
References:
Published: 2015-02-19
Modified: 2024-11-21

CVE-2015-1349

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

Severity: MEDIUM (5.4)
References:
Published: 2015-07-08
Modified: 2024-11-21

CVE-2015-4620

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

Severity: HIGH (7.8)
References:
Published: 2015-07-29
Modified: 2024-11-21

CVE-2015-5477

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Severity: HIGH (7.8)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-8461

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.

Severity: HIGH (7.1)
References:
Published: 2016-03-10
Modified: 2024-11-21

CVE-2016-1285

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2016-03-10
Modified: 2024-11-21

CVE-2016-1286

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Severity: HIGH (8.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top