File _patchinfo of Package patchinfo.3956

<patchinfo incident="3956">
  <issue id="1018700" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-9131: bind: malformed response can cause assertion failure during recursion</issue>
  <issue id="1018701" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-9147: bind: response containing inconsistent DNSSEC information could cause an assertion failure</issue>
  <issue id="1018702" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-9444: bind: unusually-formed DS record response could cause an assertion failure</issue>
  <issue id="965748" tracker="bnc">bind: ldapdump script has issues</issue>
  <issue id="1018699" tracker="bnc">EMU: VUL-0: EMBARGOED: TRACKERBUG: bind: security update January 2017</issue>
  <issue id="2016-9147" tracker="cve" />
  <issue id="2016-9444" tracker="cve" />
  <issue id="2016-9131" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nkukreja</packager>
  <description>
This update for bind fixes the following issues:

- Fix a potential assertion failure that could have been triggered by a
  malformed response to an ANY query, thereby facilitating a denial-of-service
  attack. [CVE-2016-9131, bsc#1018700, bsc#1018699]

- Fix a potential assertion failure that could have been triggered by
  responding to a query with inconsistent DNSSEC information, thereby
  facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701,
  bsc#1018699]

- Fix potential assertion failure that could have been triggered by DNS
  responses that contain unusually-formed DS resource records, facilitating a
  denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699]

- Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's
  expected syntax. Prior versions would not work correctly with an LDAP backed
  DNS server. [bsc#965748]
</description>
  <summary>Security update for bind</summary>
</patchinfo>