SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1036913
SecurityTracker URL:  http://securitytracker.com/id/1036913
CVE Reference:   CVE-2016-2776   (Links to External Site)
Date:  Sep 28 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0.x - 9.8.x, 9.9.0 - 9.9.9-P2, 9.9.3-S1 - 9.9.9-S3, 9.10.0 - 9.10.4-P2, 9.11.0a1 - 9.11.0rc1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user can send a specially crafted query to trigger an error in 'buffer.c' in constructing a response to the query and cause the target service to crash.

Packets with a source address that does not match the 'allow-query' statement can also trigger this flaw.

Impact:   A remote user can cause the target service to crash.
Solution:   CentOS has issued a fix for bind97.

i386:
0287806bd71e8e421c0501ecb6a68dbf1151af8f0e9de0daa710926c4a13ee83 bind97-9.7.0-21.P2.el5_11.7.i386.rpm
9add0a27aa3ac3cae05ee4078eea561fc72710afdccc29ceb96cacc266fa9836 bind97-chroot-9.7.0-21.P2.el5_11.7.i386.rpm
6e97312ceb902a8e557818e1925d463c0698a9c7675dd29762fd281f0e15a09f bind97-devel-9.7.0-21.P2.el5_11.7.i386.rpm
564f2d5551c38e5964e077d0e58f0ce74728387b946104f2e0a1ccea52741436 bind97-libs-9.7.0-21.P2.el5_11.7.i386.rpm
682e4c3291c8a23ed03e2b4e9fadce29942c0a11a9f3771b054243e0f25120dc bind97-utils-9.7.0-21.P2.el5_11.7.i386.rpm

x86_64:
ca70cd20042c6effb80d73c6b65526bedc03c86fb1694148bbe1ceb812428ccf bind97-9.7.0-21.P2.el5_11.7.x86_64.rpm
dcf6f7d32285ec343746b71f0a7bef00ac8b06587d84c61c43bba1c6998cb943 bind97-chroot-9.7.0-21.P2.el5_11.7.x86_64.rpm
6e97312ceb902a8e557818e1925d463c0698a9c7675dd29762fd281f0e15a09f bind97-devel-9.7.0-21.P2.el5_11.7.i386.rpm
aeef7f5a34885c7329324e543deb4cf14fdf9d25a56ca12a58c3cba3ab27e31b bind97-devel-9.7.0-21.P2.el5_11.7.x86_64.rpm
564f2d5551c38e5964e077d0e58f0ce74728387b946104f2e0a1ccea52741436 bind97-libs-9.7.0-21.P2.el5_11.7.i386.rpm
cad9c75a15ed6141861cedba73335ecfea9d2f06eab685dafa0b448c01c3c51d bind97-libs-9.7.0-21.P2.el5_11.7.x86_64.rpm
bc404b5eec08c18d8d1fed001ab7472f4494ddcc81d57040c5c12f34199b454c bind97-utils-9.7.0-21.P2.el5_11.7.x86_64.rpm

Source:
189d911ca42c444d19aeebf6ca11004e4e91a9a3de12418f25271529bc51b563 bind97-9.7.0-21.P2.el5_11.7.src.rpm

Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Sep 27 2016 BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:1945 Important CentOS 5 bind97 Security Update


CentOS Errata and Security Advisory 2016:1945 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1945.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
0287806bd71e8e421c0501ecb6a68dbf1151af8f0e9de0daa710926c4a13ee83  bind97-9.7.0-21.P2.el5_11.7.i386.rpm
9add0a27aa3ac3cae05ee4078eea561fc72710afdccc29ceb96cacc266fa9836  bind97-chroot-9.7.0-21.P2.el5_11.7.i386.rpm
6e97312ceb902a8e557818e1925d463c0698a9c7675dd29762fd281f0e15a09f  bind97-devel-9.7.0-21.P2.el5_11.7.i386.rpm
564f2d5551c38e5964e077d0e58f0ce74728387b946104f2e0a1ccea52741436  bind97-libs-9.7.0-21.P2.el5_11.7.i386.rpm
682e4c3291c8a23ed03e2b4e9fadce29942c0a11a9f3771b054243e0f25120dc  bind97-utils-9.7.0-21.P2.el5_11.7.i386.rpm

x86_64:
ca70cd20042c6effb80d73c6b65526bedc03c86fb1694148bbe1ceb812428ccf  bind97-9.7.0-21.P2.el5_11.7.x86_64.rpm
dcf6f7d32285ec343746b71f0a7bef00ac8b06587d84c61c43bba1c6998cb943  bind97-chroot-9.7.0-21.P2.el5_11.7.x86_64.rpm
6e97312ceb902a8e557818e1925d463c0698a9c7675dd29762fd281f0e15a09f  bind97-devel-9.7.0-21.P2.el5_11.7.i386.rpm
aeef7f5a34885c7329324e543deb4cf14fdf9d25a56ca12a58c3cba3ab27e31b  bind97-devel-9.7.0-21.P2.el5_11.7.x86_64.rpm
564f2d5551c38e5964e077d0e58f0ce74728387b946104f2e0a1ccea52741436  bind97-libs-9.7.0-21.P2.el5_11.7.i386.rpm
cad9c75a15ed6141861cedba73335ecfea9d2f06eab685dafa0b448c01c3c51d  bind97-libs-9.7.0-21.P2.el5_11.7.x86_64.rpm
bc404b5eec08c18d8d1fed001ab7472f4494ddcc81d57040c5c12f34199b454c  bind97-utils-9.7.0-21.P2.el5_11.7.x86_64.rpm

Source:
189d911ca42c444d19aeebf6ca11004e4e91a9a3de12418f25271529bc51b563  bind97-9.7.0-21.P2.el5_11.7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC