[SECURITY] [DSA 3420-1] bind9 security update

2015-12-1521:03:48

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Debian Security Advisory DSA-3420-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
December 15, 2015 https://www.debian.org/security/faq

Package : bind9
CVE ID : CVE-2015-8000
Debian Bug : 808081

It was discovered that the BIND DNS server does not properly handle the
parsing of incoming responses, allowing some records with an incorrect
class to be accepted by BIND instead of being rejected as malformed.
This can trigger a REQUIRE assertion failure when those records are
subsequently cached. A remote attacker can exploit this flaw to cause a
denial of service against servers performing recursive queries.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u8.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u4.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8ppc64ellibdns100< 9.9.5.dfsg-9+deb8u4libdns100_9.9.5.dfsg-9+deb8u4_ppc64el.deb
Debian7ia64liblwres80< 9.8.4.dfsg.P1-6+nmu2+deb7u8liblwres80_9.8.4.dfsg.P1-6+nmu2+deb7u8_ia64.deb
Debian8kfreebsd-amd64bind9-host< 9.9.5.dfsg-9+deb8u4bind9-host_9.9.5.dfsg-9+deb8u4_kfreebsd-amd64.deb
Debian7sparclibisccfg82< 9.8.4.dfsg.P1-6+nmu2+deb7u8libisccfg82_9.8.4.dfsg.P1-6+nmu2+deb7u8_sparc.deb
Debian7armellibbind-dev< 9.8.4.dfsg.P1-6+nmu2+deb7u8libbind-dev_9.8.4.dfsg.P1-6+nmu2+deb7u8_armel.deb
Debian7armhflibisc84< 9.8.4.dfsg.P1-6+nmu2+deb7u8libisc84_9.8.4.dfsg.P1-6+nmu2+deb7u8_armhf.deb
Debian7mipseldnsutils< 9.8.4.dfsg.P1-6+nmu2+deb7u8dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u8_mipsel.deb
Debian7i386dnsutils< 9.8.4.dfsg.P1-6+nmu2+deb7u8dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u8_i386.deb
Debian8armhflibisccc90< 9.9.5.dfsg-9+deb8u4libisccc90_9.9.5.dfsg-9+deb8u4_armhf.deb
Debian8amd64libdns-export100< 9.9.5.dfsg-9+deb8u4libdns-export100_9.9.5.dfsg-9+deb8u4_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	ppc64el	libdns100	< 9.9.5.dfsg-9+deb8u4	libdns100_9.9.5.dfsg-9+deb8u4_ppc64el.deb
Debian	7	ia64	liblwres80	< 9.8.4.dfsg.P1-6+nmu2+deb7u8	liblwres80_9.8.4.dfsg.P1-6+nmu2+deb7u8_ia64.deb
Debian	8	kfreebsd-amd64	bind9-host	< 9.9.5.dfsg-9+deb8u4	bind9-host_9.9.5.dfsg-9+deb8u4_kfreebsd-amd64.deb
Debian	7	sparc	libisccfg82	< 9.8.4.dfsg.P1-6+nmu2+deb7u8	libisccfg82_9.8.4.dfsg.P1-6+nmu2+deb7u8_sparc.deb
Debian	7	armel	libbind-dev	< 9.8.4.dfsg.P1-6+nmu2+deb7u8	libbind-dev_9.8.4.dfsg.P1-6+nmu2+deb7u8_armel.deb
Debian	7	armhf	libisc84	< 9.8.4.dfsg.P1-6+nmu2+deb7u8	libisc84_9.8.4.dfsg.P1-6+nmu2+deb7u8_armhf.deb
Debian	7	mipsel	dnsutils	< 9.8.4.dfsg.P1-6+nmu2+deb7u8	dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u8_mipsel.deb
Debian	7	i386	dnsutils	< 9.8.4.dfsg.P1-6+nmu2+deb7u8	dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u8_i386.deb
Debian	8	armhf	libisccc90	< 9.9.5.dfsg-9+deb8u4	libisccc90_9.9.5.dfsg-9+deb8u4_armhf.deb
Debian	8	amd64	libdns-export100	< 9.9.5.dfsg-9+deb8u4	libdns-export100_9.9.5.dfsg-9+deb8u4_amd64.deb