[SECURITY] [DLA 370-1] bind9 security update

2015-12-1623:02:22

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.955 High

EPSS

Percentile

99.4%

JSON

Package : bind9
Version : 1:9.7.3.dfsg-1~squeeze18
CVE ID : CVE-2015-8000

It was discovered that the BIND DNS server does not properly handle the
parsing of incoming responses, allowing some records with an incorrect
class to be accepted by BIND instead of being rejected as malformed.
This can trigger a REQUIRE assertion failure when those records are
subsequently cached. A remote attacker can exploit this flaw to cause a
denial of service against servers performing recursive queries.

OSVersionArchitecturePackageVersionFilename
Debian7kfreebsd-i386lwresd< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8lwresd_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_kfreebsd-i386.deb
Debian8kfreebsd-amd64libdns100< 1:9.9.5.dfsg-9+deb8u4libdns100_1:9.9.5.dfsg-9+deb8u4_kfreebsd-amd64.deb
Debian8mipsellibdns100< 1:9.9.5.dfsg-9+deb8u4libdns100_1:9.9.5.dfsg-9+deb8u4_mipsel.deb
Debian8armhflibisccfg90< 1:9.9.5.dfsg-9+deb8u4libisccfg90_1:9.9.5.dfsg-9+deb8u4_armhf.deb
Debian7amd64libisccfg82< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8libisccfg82_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_amd64.deb
Debian8ppc64ellibbind-dev< 1:9.9.5.dfsg-9+deb8u4libbind-dev_1:9.9.5.dfsg-9+deb8u4_ppc64el.deb
Debian8kfreebsd-amd64liblwres90< 1:9.9.5.dfsg-9+deb8u4liblwres90_1:9.9.5.dfsg-9+deb8u4_kfreebsd-amd64.deb
Debian8amd64libisccfg-export90-udeb< 1:9.9.5.dfsg-9+deb8u4libisccfg-export90-udeb_1:9.9.5.dfsg-9+deb8u4_amd64.deb
Debian7mipselbind9< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8bind9_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_mipsel.deb
Debian7sparcdnsutils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_sparc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	kfreebsd-i386	lwresd	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8	lwresd_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_kfreebsd-i386.deb
Debian	8	kfreebsd-amd64	libdns100	< 1:9.9.5.dfsg-9+deb8u4	libdns100_1:9.9.5.dfsg-9+deb8u4_kfreebsd-amd64.deb
Debian	8	mipsel	libdns100	< 1:9.9.5.dfsg-9+deb8u4	libdns100_1:9.9.5.dfsg-9+deb8u4_mipsel.deb
Debian	8	armhf	libisccfg90	< 1:9.9.5.dfsg-9+deb8u4	libisccfg90_1:9.9.5.dfsg-9+deb8u4_armhf.deb
Debian	7	amd64	libisccfg82	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8	libisccfg82_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_amd64.deb
Debian	8	ppc64el	libbind-dev	< 1:9.9.5.dfsg-9+deb8u4	libbind-dev_1:9.9.5.dfsg-9+deb8u4_ppc64el.deb
Debian	8	kfreebsd-amd64	liblwres90	< 1:9.9.5.dfsg-9+deb8u4	liblwres90_1:9.9.5.dfsg-9+deb8u4_kfreebsd-amd64.deb
Debian	8	amd64	libisccfg-export90-udeb	< 1:9.9.5.dfsg-9+deb8u4	libisccfg-export90-udeb_1:9.9.5.dfsg-9+deb8u4_amd64.deb
Debian	7	mipsel	bind9	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8	bind9_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_mipsel.deb
Debian	7	sparc	dnsutils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u8	dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u8_sparc.deb