Bug 7402 - [UPDATE REQUEST] bind 9.10.4.P1 → 9.10.4.P3
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
Reported: 2016-09-30 17:57 MSD by Алзим
Modified: 2016-10-25 13:47 MSD

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
denis.silakov: published+


Description Алзим 2016-09-30 17:57:23 MSD
The ISC consortium has released new versions of the BIND DNS server, 9.9.9-P3 and 9.10.4-P3, which fix a vulnerability (CVE-2016-2776) that allows a denial of service by crashing the handler process through a specially crafted request. All releases in the BIND 9.x branch are affected. The vulnerability is triggered even if the request arrives from an IP address that is not permitted to send queries and is not covered by the allow-query rules.
Comment 2 Zombie Ryushu 2016-10-04 20:36:06 MSD
The lwresd component in BIND (which is not enabled by default) could crash
while processing an overlong request name. This could lead to a denial of
service (CVE-2016-2775).

A crafted query could crash the BIND name server daemon, leading to a
denial of service. All server roles (authoritative, recursive and
forwarding) in default configurations are affected (CVE-2016-2776).
Comment 3 Denis Silakov 2016-10-07 15:10:22 MSD
*** Bug 7315 has been marked as a duplicate of this bug. ***
Comment 4 Vladimir Potapov 2016-10-21 15:33:14 MSD
The update is sent to expanded testing
***************************************
Comment 5 Vladimir Potapov 2016-10-25 11:42:20 MSD
bind-9.10.4.P3-1
https://abf.io/build_lists/2723033
https://abf.io/build_lists/2723034
********************************* Advisory ******************************
Updated to 9.10.4.P3 with fix CVE-2016-2776
*************************************************************************
QA Verified