diff options
| author | junovitch <junovitch@FreeBSD.org> | 2016-03-28 09:51:04 +0800 |
|---|---|---|
| committer | junovitch <junovitch@FreeBSD.org> | 2016-03-28 09:51:04 +0800 |
| commit | e8600696e02c72ec7e0de3b38933b7443e5f946e (patch) | |
| tree | 151286d05499da137d7ba926569bbf9160a51131 /security | |
| parent | 67ba2c9be0b3b491345cf5503657d18e5937d8e5 (diff) | |
| download | freebsd-ports-gnome-e8600696e02c72ec7e0de3b38933b7443e5f946e.tar.gz freebsd-ports-gnome-e8600696e02c72ec7e0de3b38933b7443e5f946e.tar.zst freebsd-ports-gnome-e8600696e02c72ec7e0de3b38933b7443e5f946e.zip | |
Document BIND security advisories
PR: 208034
Reported by: martin@lispworks.com
Security: CVE-2016-1285
Security: CVE-2016-1286
Security: CVE-2016-2088
Security: https://vuxml.FreeBSD.org/freebsd/c9075321-f483-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/cba246d2-f483-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/cd409df7-f483-11e5-92ce-002590263bf5.html
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8d718336dab1..14b070b7ef05 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,125 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cd409df7-f483-11e5-92ce-002590263bf5"> + <topic>bind -- denial of service vulnerability</topic> + <affects> + <package> + <name>bind910</name> + <range><ge>9.10.0</ge><lt>9.10.3P4</lt></range> + </package> + <package> + <name>bind9-devel</name> + <range><lt>9.11.0.a20160309</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01351"> + <p>A response containing multiple DNS cookies causes servers with + cookie support enabled to exit with an assertion failure.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-2088</cvename> + <url>https://kb.isc.org/article/AA-01351</url> + </references> + <dates> + <discovery>2016-03-09</discovery> + <entry>2016-03-28</entry> + </dates> + </vuln> + + <vuln vid="cba246d2-f483-11e5-92ce-002590263bf5"> + <topic>bind -- denial of service vulnerability</topic> + <affects> + <package> + <name>bind98</name> + <range><le>9.8.8</le></range> + </package> + <package> + <name>bind99</name> + <range><ge>9.9.0</ge><lt>9.9.8P4</lt></range> + </package> + <package> + <name>bind910</name> + <range><ge>9.10.0</ge><lt>9.10.3P4</lt></range> + </package> + <package> + <name>bind9-devel</name> + <range><lt>9.11.0.a20160309</lt></range> + </package> + <package> + <name>FreeBSD</name> + <range><gt>9.3</gt><le>9.3_38</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01353"> + <p>A problem parsing resource record signatures for DNAME resource + records can lead to an assertion failure in resolver.c or db.c</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1286</cvename> + <freebsdsa>SA-16:13.bind</freebsdsa> + <url>https://kb.isc.org/article/AA-01353</url> + </references> + <dates> + <discovery>2016-03-09</discovery> + <entry>2016-03-28</entry> + </dates> + </vuln> + + <vuln vid="c9075321-f483-11e5-92ce-002590263bf5"> + <topic>bind -- denial of service vulnerability</topic> + <affects> + <package> + <name>bind98</name> + <range><le>9.8.8</le></range> + </package> + <package> + <name>bind99</name> + <range><ge>9.9.0</ge><lt>9.9.8P4</lt></range> + </package> + <package> + <name>bind910</name> + <range><ge>9.10.0</ge><lt>9.10.3P4</lt></range> + </package> + <package> + <name>bind9-devel</name> + <range><lt>9.11.0.a20160309</lt></range> + </package> + <package> + <name>FreeBSD</name> + <range><gt>9.3</gt><le>9.3_38</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01352"> + <p>An error parsing input received by the rndc control channel can + cause an assertion failure in sexpr.c or alist.c.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1285</cvename> + <freebsdsa>SA-16:13.bind</freebsdsa> + <url>https://kb.isc.org/article/AA-01352</url> + </references> + <dates> + <discovery>2016-03-09</discovery> + <entry>2016-03-28</entry> + </dates> + </vuln> + <vuln vid="6d25c306-f3bb-11e5-92ce-002590263bf5"> <topic>salt -- Insecure configuration of PAM external authentication service</topic> <affects> |