Overview

File _patchinfo of Package patchinfo.736

<patchinfo incident="736">
  <issue id="918330" tracker="bnc">VUL-1: CVE-2015-1349: bind: Problem with trust anchor management can cause named to crash</issue>
  <issue id="936476" tracker="bnc">VUL-0: EMBARGOED: CVE-2015-4620: bind: resolver crash when validating</issue>
  <issue id="CVE-2015-1349" tracker="cve" />
  <issue id="CVE-2015-4620" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>bind was updated to fix two security issues.

These security issues were fixed:
- CVE-2015-1349: Named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330).
- CVE-2015-4620: Fixed resolver crash when validating (bsc#936476).
  </description>
  <summary>Security update for bind</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places