bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
Versions affected:
9.2.0 ->9.8.8, 9.9.09.9.8-P3,
9.9.3-S1>9.9.8-S5, 9.10.0->9.10.3-P3
Solution:
Upgrade to the patched release most closely related to your current version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->9.10.3-P3
Solution:
Re-configure and re-build BIND without enabling cookie support or upgrade to the patched release most closely related to your current version of BIND.
BIND 9 version 9.10.3-P4
CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
Versions affected:
9.10.0 ->9.10.3-P3
Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
(from redmine: issue id 5242, created on 2016-03-10, closed on 2016-03-14)
- Relations:
- child #5243 (closed)
- child #5244 (closed)
- child #5245 (closed)
- child #5246 (closed)
- child #5247 (closed)
- Changesets:
- Revision 8b571b68 on 2016-03-11T15:55:07Z:
main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088). Fixes #5242