Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Jeremy C. Reed <security-officer-2cKsPvgpMDY <at> public.gmane.org>
Subject: ISC BIND vulnerabilities are now public (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
Newsgroups: gmane.comp.security.oss.general
Date: Wednesday 9th March 2016 20:02:46 UTC (about 1 year ago)
Please be advised that ISC announced security advisories for
vulnerabilities in ISC BIND.

CVE-2016-1285: An error parsing input received by the rndc control
channel can cause an assertion failure in sexpr.c or alist.c. All
versions since 9.2.0 are affected.
https://kb.isc.org/article/AA-01352

CVE-2016-1286: A problem parsing resource record signatures for
DNAME resource records can lead to an assertion failure in resolver.c
or db.c. All versions since 9.0.0 are affected.
https://kb.isc.org/article/AA-01353

CVE-2016-2088: A response containing multiple DNS cookies causes
servers with cookie support enabled to exit with an assertion
failure in resolver.c. This affects the 9.10.x versions.
https://kb.isc.org/article/AA-01351



Jeremy C. Reed
ISC Security Officer
 
CD: 5ms