SB2016012505 - SUSE Linux update for bind
Published: January 25, 2016
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Data Handling (CVE-ID: CVE-2015-5477)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
2) Input validation error (CVE-ID: CVE-2015-5722)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
3) Assertion failure (CVE-ID: CVE-2015-8000)
A remote attacker can trigger denial of service (DoS) conditions. The vulnerability exists due to a parsing error when processing incoming responses in the db.c file. A remote attacker who can cause a server to request a record with a malformed class attribute can use this bug to trigger a REQUIRE assertion, causing named to exit and denying service to clients.
Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2015-8704)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
Remediation
Install update from vendor's website.