Arch Linux ASA-201603-7
Mar 09, 2016 - 12:00 a.m.

bind: denial of service

2016-03-09 00:00:00
Arch Linux
lists.archlinux.org

CVSS3: 8.6 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.968 High
  Percentile: 99.6%

  • CVE-2016-1285:

Testing by ISC has uncovered a defect in control channel input handling
which can cause named to exit due to an assertion failure in sexpr.c or
alist.c when a malformed packet is sent to named’s control channel (the
interface which allows named to be controlled using the "rndc" server
control utility).

This assertion occurs before authentication but after
network-address-based access controls have been applied. In other
words, an attacker does not need to have a key or other authentication,
but does need to be within the address list specified in the "controls"
statement in named.conf which enables the control channel. If no
"controls" statement is present in named.conf, named still defaults to
listening for control channel information on loopback addresses
(127.0.0.1 and ::1) if the file rndc.key is present in the configuration
directory and contains a valid key.

A search for similar problems revealed an associated defect in the rndc
server control utility whereby a malformed response from the server
could cause the rndc program to crash. For completeness, it is being
fixed at the same time even though this defect in the rndc utility is
not in itself exploitable.

  • CVE-2016-1286:

An error when parsing signature records for DNAME records having
specific properties can lead to named exiting due to an assertion
failure in resolver.c or db.c.

OS   Version  Architecture  Package  Version        Filename
any  any      any           bind     < 9.10.3.P4-1  UNKNOWN
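
To audit a named.conf for the CVE-2016-1285 condition described above, the following added example (not part of the advisory or of BIND) reports which sources can reach the control channel before any key check. It assumes a simplified grammar: only `inet` entries with a flat `allow { ... }` list are parsed, and the sample configurations are constructed.

```python
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ENTRY = re.compile(r"\binet\s+(\S+)(?:\s+port\s+\S+)?\s+allow\s*\{([^}]*)\}")

def controls_bodies(conf):
    """Yield the text inside each controls { ... } statement (brace-matched)."""
    for m in re.finditer(r"\bcontrols\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def preauth_exposure(conf, rndc_key_present):
    """Return (state, sources): who can reach the control channel parser
    before authentication. The keys clause is ignored on purpose, because
    the assertion fires before the key is checked."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # C-style comments
    conf = re.sub(r"(//|#).*", "", conf)               # line comments
    bodies = list(controls_bodies(conf))
    if not bodies:
        # No controls statement: named listens on loopback if rndc.key is valid.
        if rndc_key_present:
            return "loopback", ["127.0.0.1", "::1"]
        return "disabled", []
    state, sources = "disabled", []   # an empty controls { } stays disabled
    for body in bodies:
        for listen, acl in ENTRY.findall(body):
            allowed = [a.strip() for a in acl.split(";") if a.strip()]
            sources += allowed
            if listen in LOOPBACK or set(allowed) <= LOOPBACK:
                state = "loopback" if state == "disabled" else state
            else:
                state = "network"
    return state, sources

# Constructed sample configurations (not taken from any real host).
SAMPLE_WIDE = '''
controls {
    inet * port 953 allow { 10.0.0.0/8; localhost; } keys { "rndc-key"; };  // key is no barrier
};
'''
SAMPLE_OFF = 'options { directory "/var/named"; };\ncontrols { };\n'

if __name__ == "__main__":
    for name, conf in (("wide", SAMPLE_WIDE), ("off", SAMPLE_OFF), ("none", "")):
        print(name, preauth_exposure(conf, rndc_key_present=True))
```

A "network" result on a bind package older than 9.10.3.P4-1 means every listed source can trigger the assertion without holding the rndc key.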
