SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(Oracle Issues Fix for Oracle Linux) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1037266
SecurityTracker URL:  http://securitytracker.com/id/1037266
CVE Reference:   CVE-2015-8704
Date:  Nov 11 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.3.0 - 9.8.8, 9.9.0 - 9.9.8-P2, 9.9.3-S1 - 9.9.8-S3, 9.10.0 - 9.10.3-P2
Description:   A vulnerability was reported in ISC BIND. A remote authenticated user can cause the target service to crash.

A remote authenticated user can send specially crafted Address Prefix List (APL) data to trigger a buffer overflow and cause the target named service to crash.

The vulnerability resides in 'apl_42.c'.

Impact:   A remote authenticated user can cause the target 'named' service to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2016-2615.html

Vendor URL:  linux.oracle.com/errata/ELSA-2016-2615.html
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2016 ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [El-errata] ELSA-2016-2615 Important: Oracle Linux 7 bind security update

Oracle Linux Security Advisory ELSA-2016-2615

http://linux.oracle.com/errata/ELSA-2016-2615.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bind-9.9.4-38.el7_3.x86_64.rpm
bind-chroot-9.9.4-38.el7_3.x86_64.rpm
bind-devel-9.9.4-38.el7_3.i686.rpm
bind-devel-9.9.4-38.el7_3.x86_64.rpm
bind-libs-9.9.4-38.el7_3.i686.rpm
bind-libs-9.9.4-38.el7_3.x86_64.rpm
bind-libs-lite-9.9.4-38.el7_3.i686.rpm
bind-libs-lite-9.9.4-38.el7_3.x86_64.rpm
bind-license-9.9.4-38.el7_3.noarch.rpm
bind-lite-devel-9.9.4-38.el7_3.i686.rpm
bind-lite-devel-9.9.4-38.el7_3.x86_64.rpm
bind-pkcs11-9.9.4-38.el7_3.x86_64.rpm
bind-pkcs11-devel-9.9.4-38.el7_3.i686.rpm
bind-pkcs11-devel-9.9.4-38.el7_3.x86_64.rpm
bind-pkcs11-libs-9.9.4-38.el7_3.i686.rpm
bind-pkcs11-libs-9.9.4-38.el7_3.x86_64.rpm
bind-pkcs11-utils-9.9.4-38.el7_3.x86_64.rpm
bind-sdb-9.9.4-38.el7_3.x86_64.rpm
bind-sdb-chroot-9.9.4-38.el7_3.x86_64.rpm
bind-utils-9.9.4-38.el7_3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/bind-9.9.4-38.el7_3.src.rpm



Description of changes:

[32:9.9.4-38]
- Fix CVE-2016-8864

[32:9.9.4-37]
- Fix CVE-2016-2776

[32:9.9.4-36]
- Added automatic interface scan functionality (#1294506)
- Removed NetworkManager dispatcher script since it is not needed any 
more (#1294506)

[32:9.9.4-35]
- Added GeoIP support (#1220594)

[32:9.9.4-34]
- Added support for CAA records (#1306610)
- Use HTTPS URL instead of FTP for upstream sources (#1319280)

[32:9.9.4-33]
- Fix excessive queries caused by DS chasing with stub zones when DNSSEC 
is not used (#1291185)
- Fix error in internal test suite (#1259514)
- Fix named-checkconf call in *-chroot.service files (#1278082)
- Fix incorrect path in BIND sample configuration and added comment to 
default configuration (#1247502)

[32:9.9.4-32]
- Fix CVE-2016-1285 and CVE-2016-1286

[32:9.9.4-31]
- Fix CVE-2015-8704

[32:9.9.4-30]
- Fix CVE-2015-8000


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 

