Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2015-349-01
HistoryDec 16, 2015 - 6:24 a.m.

[slackware-security] bind

2015-12-1606:24:47
Slackware Linux Project
www.slackware.com
15

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.955 High

EPSS

Percentile

99.4%

JSON

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz: Upgraded.
This update fixes three security issues:
Update allowed OpenSSL versions as named is potentially vulnerable
to CVE-2015-3193.
Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure when
those records were subsequently cached. (CVE-2015-8000)
Address fetch context reference count handling error on socket error.
(CVE-2015-8461)
For more information, see:
https://vulners.com/cve/CVE-2015-3193
https://vulners.com/cve/CVE-2015-8000
https://vulners.com/cve/CVE-2015-8461
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.8_P2-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.8_P2-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.8_P2-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.8_P2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.8_P2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.8_P2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.3_P2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.3_P2-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
ef466df7b5c30de3b1823ae2ef7c0820 bind-9.9.8_P2-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
4d6fd1a921302be279fb00b8f3c5209f bind-9.9.8_P2-x86_64-1_slack13.0.txz

Slackware 13.1 package:
de9cea0aaf0123e1b480582a97b5a483 bind-9.9.8_P2-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
3d06836402ee2265194d819bf59ebef5 bind-9.9.8_P2-x86_64-1_slack13.1.txz

Slackware 13.37 package:
084270843411521f1d5f7dfee0faf05a bind-9.9.8_P2-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
2cb2bfdb94e52725bccecea29e5a5bc1 bind-9.9.8_P2-x86_64-1_slack13.37.txz

Slackware 14.0 package:
b653a7dd7b8591ccbd434bb2ec2e395f bind-9.9.8_P2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
d6db5ba1f2c1ae0c99457b1866d9b752 bind-9.9.8_P2-x86_64-1_slack14.0.txz

Slackware 14.1 package:
ffaf96b22a3148f23d6cb0349c4fa745 bind-9.9.8_P2-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
5382418d8d2044f567934b24f280592b bind-9.9.8_P2-x86_64-1_slack14.1.txz

Slackware -current package:
8a998dd407304fb10e8df8c92655ff54 n/bind-9.10.3_P2-i586-1.txz

Slackware x86_64 -current package:
545b71ea3107b6a7796fb21cf1dfd311 n/bind-9.10.3_P2-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg bind-9.9.8_P2-i486-1_slack14.1.txz

Then, restart the name server:

> /etc/rc.d/rc.bind restart

Related

nessus 52
openvas 38
freebsd 2
openwrt 1
fedora 11
amazon 1
ibm 21
f5 9
prion 5
debiancve 4
redhat 5
suse 7
ubuntucve 5
cve 5
debian 3
oraclelinux 3
freebsd_advisory 1
centos 3
veracode 2
osv 3
aix 1
ubuntu 2
mageia 1
hackerone 1
openssl 3
archlinux 4
alpinelinux 1
fortinet 1
cisco 1
symantec 1
slackware 1
redhatcve 1
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-349-01)
2015-12-16 00:00:00
FreeBSD : bind -- multiple vulnerabilities (a8ec4db7-a398-11e5-85e9-14dae9d210b8)
2015-12-16 00:00:00
Fedora 23 : bind-9.10.3-7.P2.fc23 / bind-dyndb-ldap-8.0-4.fc23 / dnsperf-2.0.0.0-19.fc23 (2015-09bf9e06ea)
2016-03-04 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2015-349-01)
2022-04-21 00:00:00
Fedora Update for bind-dyndb-ldap FEDORA-2015-2
2015-12-23 00:00:00
Fedora Update for dnsperf FEDORA-2015-2
2015-12-23 00:00:00
freebsd
freebsd
bind -- multiple vulnerabilities
2015-11-24 00:00:00
openssl -- multiple vulnerabilities
2015-12-03 00:00:00
openwrt
openwrt
bind: Security update (4 CVEs)
2016-01-24 13:33:41
fedora
fedora
[SECURITY] Fedora 22 Update: bind-9.10.3-7.P2.fc22
2015-12-22 07:25:05
[SECURITY] Fedora 23 Update: bind-dyndb-ldap-8.0-4.fc23
2015-12-19 18:29:20
[SECURITY] Fedora 22 Update: dnsperf-2.0.0.0-19.fc22
2015-12-22 07:25:05
amazon
amazon
Critical: bind
2015-12-15 13:00:00
ibm
ibm
Security Bulletin: IBM i is affected by networking BIND vulnerabilities.
2019-12-18 14:26:38
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Light (CVE-2015-3193, CVE-2015-3194)
2018-06-15 07:04:30
Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-3193, CVE-2015-3195, CVE-2015-1794)
2021-06-08 22:18:27
f5
f5
SOL30673534 - BIND vulnerability CVE-2015-8461
2015-12-16 00:00:00
K30673534 : BIND vulnerability CVE-2015-8461
2015-12-16 00:00:00
K34250741 : BIND vulnerability CVE-2015-8000
2015-12-16 00:00:00
prion
prion
Race condition
2015-12-16 15:59:00
Authentication flaw
2015-12-16 15:59:00
Code injection
2015-12-06 20:59:00
debiancve
debiancve
CVE-2015-8461
2015-12-16 15:59:00
CVE-2015-8000
2015-12-16 15:59:00
CVE-2015-3193
2015-12-06 20:59:00
redhat
redhat
(RHSA-2015:2658) Important: bind97 security update
2015-12-16 00:00:00
(RHSA-2015:2655) Important: bind security update
2015-12-16 00:00:00
(RHSA-2015:2656) Important: bind security update
2015-12-16 00:00:00
suse
suse
Security update for bind (important)
2015-12-29 17:11:00
Security update for bind (important)
2015-12-25 19:10:40
Security update for bind (important)
2015-12-22 16:28:13
ubuntucve
ubuntucve
CVE-2015-8000
2015-12-15 00:00:00
CVE-2015-8461
2015-12-15 00:00:00
CVE-2015-3193
2015-12-03 00:00:00
cve
cve
CVE-2015-8461
2015-12-16 15:59:00
CVE-2015-8000
2015-12-16 15:59:00
CVE-2015-3193
2015-12-06 20:59:00
debian
debian
[SECURITY] [DSA 3420-1] bind9 security update
2015-12-15 21:03:48
[SECURITY] [DLA 370-1] bind9 security update
2015-12-16 23:02:22
[SECURITY] [DSA 3420-1] bind9 security update
2015-12-15 21:03:48
oraclelinux
oraclelinux
bind security update
2015-12-16 00:00:00
bind security update
2015-12-16 00:00:00
bind97 security update
2015-12-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:27.bind
2015-12-16 00:00:00
centos
centos
bind97 security update
2015-12-16 20:24:27
bind, caching security update
2015-12-16 20:26:24
bind security update
2015-12-16 20:01:41
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:11
Information Disclosure
2017-02-10 02:30:14
osv
osv
bind9 - security update
2015-12-17 00:00:00
CVE-2017-3732
2017-05-04 19:29:00
CVE-2017-3738
2017-12-07 16:29:00
aix
aix
Vulnerability in BIND affects AIX,Vulnerability in BIND affects VIOS
2016-02-25 09:58:38
ubuntu
ubuntu
Bind vulnerability
2015-12-15 00:00:00
OpenSSL vulnerabilities
2015-12-07 00:00:00
mageia
mageia
Updated bind packages fix security vulnerability
2015-12-20 12:15:38
hackerone
hackerone
Internet Bug Bounty: BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
2016-04-04 11:54:00
openssl
openssl
Vulnerability in OpenSSL CVE-2015-3193
2015-12-03 00:00:00
Vulnerability in OpenSSL CVE-2017-3732
2017-01-26 00:00:00
Vulnerability in OpenSSL CVE-2017-3738
2017-12-07 00:00:00
archlinux
archlinux
bind: denial of service
2015-12-16 00:00:00
[ASA-201701-36] lib32-openssl: multiple issues
2017-01-27 00:00:00
[ASA-201701-37] openssl: multiple issues
2017-01-28 00:00:00
alpinelinux
alpinelinux
CVE-2017-3732
2017-05-04 19:29:00
fortinet
fortinet
OpenSSL Advisory - December 2015
2015-12-10 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
2015-12-04 17:38:00
symantec
symantec
SA105 : OpenSSL Vulnerabilities 3-Dec-2015
2015-12-10 08:00:00
slackware
slackware
[slackware-security] openssl
2015-12-16 06:25:41
redhatcve
redhatcve
CVE-2017-3738
2019-10-08 22:39:45

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.955 High

EPSS

Percentile

99.4%

JSON
Related for SSA-2015-349-01
nessus52openvas38freebsd2openwrt1fedora11amazon1ibm21f59prion5debiancve4redhat5suse7ubuntucve5cve5debian3oraclelinux3freebsd_advisory1centos3veracode2osv3aix1ubuntu2mageia1hackerone1openssl3archlinux4alpinelinux1fortinet1cisco1symantec1slackware1redhatcve1