SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(Oracle Issues Fix for Oracle Linux) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1034834
SecurityTracker URL:  http://securitytracker.com/id/1034834
CVE Reference:   CVE-2015-8704
Date:  Jan 28 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.3.0 - 9.8.8, 9.9.0 - 9.9.8-P2, 9.9.3-S1 - 9.9.8-S3, 9.10.0 - 9.10.3-P2
Description:   A vulnerability was reported in ISC BIND. A remote authenticated user can cause the target service to crash.

A remote authenticated user can send specially crafted Address Prefix List (APL) data to trigger a buffer overflow and cause the target named service to crash.

The vulnerability resides in 'apl_42.c'.

Impact:   A remote authenticated user can cause the target 'named' service to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2016-0073.html

Vendor URL:  linux.oracle.com/errata/ELSA-2016-0073.html
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2016 ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [El-errata] ELSA-2016-0073 Moderate: Oracle Linux 6 bind security update

Oracle Linux Security Advisory ELSA-2016-0073

http://linux.oracle.com/errata/ELSA-2016-0073.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
bind-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.6.i686.rpm

x86_64:
bind-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.6.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/bind-9.8.2-0.37.rc1.el6_7.6.src.rpm



Description of changes:

[32:9.8.2-0.37.rc1.6]
- Fix CVE-2015-8704


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 



Copyright 2021, SecurityGlobal.net LLC