[3.1] bind: multiple issues (CVE-2015-8461, CVE-2015-8000)
CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c
CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c
Versions affected: 9.0.x ->9.9.8, 9.10.0 ->9.10.3
Solution:
Upgrade to the patched release most closely related to your
current version of BIND. Public open-source branches can be
downloaded from
References:
https://kb.isc.org/article/AA-01317
https://kb.isc.org/article/AA-01319/0/CVE-2015-8461%3A-A-race-condition-when-handling-socket-errors-can-lead-to-an-assertion-failure-in-resolver.c.html
ftp://ftp.isc.org/isc/bind9/9.10.3-P2/RELEASE-NOTES-9.10.3-P2.html
(from redmine: issue id 4958, created on 2015-12-16, closed on 2015-12-19)
- Relations:
- parent #4955 (closed)
- Changesets:
- Revision 1ff93764 by Natanael Copa on 2015-12-16T12:58:59Z:
main/bind: security upgrade to 9.10.3_p2 (CVE-2015-8461,CVE-2015-8000)
fixes #4958