Security update for bind
This update for bind fixes the following issues:
Fix two assertion failures that can lead to a remote denial of service attack:
* CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072)
* CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Reinhard Max (rmax)
Fixed bugs
bnc#970073
VUL-0: EMBARGOED: CVE-2016-1286: bind: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure
bnc#970072
VUL-0: EMBARGOED: CVE-2016-1285: bind: assert failure on input parsing can cause premature exit
