oss-sec mailing list archives
ISC BIND vulnerabilities are now public (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
From: "Jeremy C. Reed" <security-officer () isc org>
Date: Wed, 9 Mar 2016 14:02:46 -0600 (CST)
Please be advised that ISC announced security advisories for vulnerabilities in ISC BIND.

CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c. All versions since 9.2.0 are affected.
https://kb.isc.org/article/AA-01352

CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c. All versions since 9.0.0 are affected.
https://kb.isc.org/article/AA-01353

CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure in resolver.c. This affects the 9.10.x versions.
https://kb.isc.org/article/AA-01351

Jeremy C. Reed
ISC Security Officer