Lucene search

K
centosCentOS ProjectCESA-2016:2142
HistoryNov 02, 2016 - 4:06 p.m.

bind97 security update

2016-11-0216:06:46
CentOS Project
lists.centos.org
74

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.951

Percentile

99.3%

CentOS Errata and Security Advisory CESA-2016:2142

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named); a resolver library
(routines for applications to use when interfacing with DNS); and tools for
verifying that the DNS server is operating correctly.

Security Fix(es):

  • A denial of service flaw was found in the way BIND handled responses
    containing a DNAME answer. A remote attacker could use this flaw to make named
    exit unexpectedly with an assertion failure via a specially crafted DNS
    response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges
Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the
original reporters.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-November/084300.html

Affected packages:
bind97
bind97-chroot
bind97-devel
bind97-libs
bind97-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2142

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.951

Percentile

99.3%