Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for bind

bind was updated to fix three security issues.

These security issues were fixed:
- CVE-2015-1349: named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330).
- CVE-2014-8500: ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 did not limit delegation chaining, which allowed remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals (bsc#908994).
- CVE-2015-4620: Resolver crash when validating (bsc#936476).

Fixed bugs
bnc#937028
Wrong bind version
bnc#936476
VUL-0: CVE-2015-4620: bind: resolver crash when validating
bnc#918330
VUL-1: CVE-2015-1349: bind: Problem with trust anchor management can cause named to crash
bnc#908994
VUL-0: CVE-2014-8500: bind: A Defect in Delegation Handling Can Be Exploited to Crash BIND
CVE-CVE-2015-1349
CVE-CVE-2014-8500
CVE-CVE-2015-4620
Selected Binaries
openSUSE Build Service is sponsored by
Places