From 2d8afe69b85bdc431142ed5d07602f99d9ea9989e7f18f191efb9c01966ca1a8 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Fri, 11 Mar 2016 13:59:03 +0000 Subject: [PATCH] - Security update 9.10.3-P3: * CVE-2016-1285, bsc#970072: assert failure on input parsing can cause premature exit. * CVE-2016-1286, bsc#970073: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. * CVE-2016-2088, bsc#970074: a deliberately misconstructed packet containing multiple cookie options to cause named to terminate with an assertion failure. OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=190 --- bind.changes | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/bind.changes b/bind.changes index 0637fb1..27fd115 100644 --- a/bind.changes +++ b/bind.changes @@ -1,10 +1,15 @@ ------------------------------------------------------------------- -Fri Mar 11 13:53:26 UTC 2016 - max@suse.com +Fri Mar 11 13:56:10 UTC 2016 - max@suse.com -- Security update 9.10.3-P3 fixes two assertion failures that can - lead to remote DoS: - * CVE-2016-1285, bsc#970072 - * CVE-2016-1286, bsc#970073 +- Security update 9.10.3-P3: + * CVE-2016-1285, bsc#970072: assert failure on input parsing can + cause premature exit. + * CVE-2016-1286, bsc#970073: An error when parsing signature + records for DNAME can lead to named exiting due to an assertion + failure. + * CVE-2016-2088, bsc#970074: a deliberately misconstructed packet + containing multiple cookie options to cause named to terminate + with an assertion failure. ------------------------------------------------------------------- Thu Feb 25 16:10:45 UTC 2016 - bwiedemann@suse.com