From c7dc2ebf4fb8d544c72abcf976316203d99e76db9e488cc05cbd57d543fa310f Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Wed, 20 Jan 2016 11:04:34 +0000 Subject: [PATCH] - Security update 9.10.3-P3: * Specific APL data could trigger an INSIST (CVE-2015-8704, bsc#962189). * Certain errors that could be encountered when printing out or logging an OPT record containing a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure (CVE-2015-8705, bsc#962190). * Authoritative servers that were marked as bogus (e.g. blackholed in configuration or with invalid addresses) were being queried anyway. OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=183 --- bind-9.10.3-P2.tar.gz | 3 --- bind-9.10.3-P2.tar.gz.asc | 11 ----------- bind-9.10.3-P3.tar.gz | 3 +++ bind-9.10.3-P3.tar.gz.asc | 11 +++++++++++ bind.changes | 14 ++++++++++++++ bind.spec | 6 +++--- 6 files changed, 31 insertions(+), 17 deletions(-) delete mode 100644 bind-9.10.3-P2.tar.gz delete mode 100644 bind-9.10.3-P2.tar.gz.asc create mode 100644 bind-9.10.3-P3.tar.gz create mode 100644 bind-9.10.3-P3.tar.gz.asc diff --git a/bind-9.10.3-P2.tar.gz b/bind-9.10.3-P2.tar.gz deleted file mode 100644 index 29bc6fb..0000000 --- a/bind-9.10.3-P2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4a6c1911ac0d4b6be635b63de3429b6c168ea244043f12bbc8a4eb3368fd6ecd -size 8523719 diff --git a/bind-9.10.3-P2.tar.gz.asc b/bind-9.10.3-P2.tar.gz.asc deleted file mode 100644 index ccaae04..0000000 --- a/bind-9.10.3-P2.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Comment: GPGTools - http://gpgtools.org - -iQEcBAABAgAGBQJWZiOeAAoJEG+m68mRGkwCbw4H/2qwR/u6eg6yODs57kikyjRr -/3Cut1C2eaRS0nxk6kesw++VOqKTzDzeoQSsu+DEHfYq6fB/C8h4hA8mGZfRZ4P2 -hUQ+wsSBnyN+VYbv4yVKVjae/6T4Pr2NgepfbKnBN037/eNHykO6a41aB1Gi3sUa -g4UTU2ZO2JXGo5JusWUGeV85xUC8zQXo8ZDTUIyaZELk/7Hp317gCMC+SJPNRLvM -+Ex9PYfArj8ovQ0y1XRoj1VGglZwBz9zN99nxPD320l8LApYsCROGqCIXJYWKfRw -EtKLO0/weIdCgGZp/7GilnEJKPICXyuDemoRIiParqwCHQMmPunwQa6eHXZ/Kjk= -=EpUm ------END PGP SIGNATURE----- diff --git a/bind-9.10.3-P3.tar.gz b/bind-9.10.3-P3.tar.gz new file mode 100644 index 0000000..9a66db8 --- /dev/null +++ b/bind-9.10.3-P3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83 +size 8527540 diff --git a/bind-9.10.3-P3.tar.gz.asc b/bind-9.10.3-P3.tar.gz.asc new file mode 100644 index 0000000..3619a05 --- /dev/null +++ b/bind-9.10.3-P3.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJWlvHcAAoJEG+m68mRGkwCz8kIALzyviUld+Gtp9jmTtvEhDEx +W7Cw9Pg7t+hsZucE7lTQ76PA9/znljXgziMH51fBO0SWmrHJvyrBzY7cu92ILWAo +S7G+JFElMcZ05hJ5u/oijZLznBW31AA1C7wkAyZirFGxrahpkHYIYNfUNCKH6YqZ +xRARY7/Fk3dwg+/LRi0x4eCXNGWUdHUQwpOaswlE0xtk2H5q76RuZC6w53HNngaq +lbmVcEqxQ6m0PMqWNgO/4pvyW1+n0CheJ/11sz8SbUmhMH08kYRRGHsFhcsAfUL4 +X6aDPl3mQZrOTmdPc5c+BPWbB2N3xDcbFOqKmzAAEZIIraINs2aNYicbk0yC9OI= +=BszB +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index befdd81..418340c 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Jan 20 10:58:15 UTC 2016 - max@suse.com + +- Security update 9.10.3-P3: + * Specific APL data could trigger an INSIST (CVE-2015-8704, + bsc#962189). + * Certain errors that could be encountered when printing out or + logging an OPT record containing a CLIENT-SUBNET option could + be mishandled, resulting in an assertion failure + (CVE-2015-8705, bsc#962190). + * Authoritative servers that were marked as bogus (e.g. + blackholed in configuration or with invalid addresses) were + being queried anyway. + ------------------------------------------------------------------- Mon Dec 21 16:55:36 UTC 2015 - max@suse.com diff --git a/bind.spec b/bind.spec index 8bb8b54..e1034f3 100644 --- a/bind.spec +++ b/bind.spec @@ -1,7 +1,7 @@ # # spec file for package bind # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,8 +18,8 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.10.3-P2 -%define rpm_vers 9.10.3P2 +%define pkg_vers 9.10.3-P3 +%define rpm_vers 9.10.3P3 %define idn_vers 1.0 Summary: Domain Name System (DNS) Server (named) License: ISC