Security update for bind SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0825-1 Final 1 1 2016-03-18T15:33:02Z current 2016-03-18T15:33:02Z 2016-03-18T15:33:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) * CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-bind-12464,sledsp4-bind-12464,slessp2-bind-12464,slessp3-bind-12464,slessp4-bind-12464 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160825-1/ Link for SUSE-SU-2016:0825-1 https://lists.suse.com/pipermail/sle-security-updates/2016-March/001958.html E-Mail link for SUSE-SU-2016:0825-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/970072 SUSE Bug 970072 https://bugzilla.suse.com/970073 SUSE Bug 970073 https://www.suse.com/security/cve/CVE-2016-1285/ SUSE CVE CVE-2016-1285 page https://www.suse.com/security/cve/CVE-2016-1286/ SUSE CVE CVE-2016-1286 page SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 bind-devel-9.9.6P1-0.25.1 bind-devel-32bit-9.9.6P1-0.25.1 bind-libs-9.9.6P1-0.25.1 bind-libs-32bit-9.9.6P1-0.25.1 bind-utils-9.9.6P1-0.25.1 bind-9.9.6P1-0.25.1 bind-chrootenv-9.9.6P1-0.25.1 bind-doc-9.9.6P1-0.25.1 bind-libs-x86-9.9.6P1-0.25.1 bind-libs-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 bind-libs-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 bind-utils-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 bind-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-chrootenv-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-devel-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-doc-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-libs-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-libs-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-utils-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS bind-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS bind-chrootenv-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS bind-doc-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS bind-libs-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS bind-libs-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS bind-utils-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS bind-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA bind-chrootenv-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA bind-doc-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA bind-libs-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA bind-libs-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA bind-utils-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA bind-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-chrootenv-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-doc-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-libs-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-libs-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-libs-x86-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-utils-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server 11 SP4 bind-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-chrootenv-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-doc-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-libs-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-libs-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-libs-x86-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-utils-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bind-devel-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 bind-devel-32bit-9.9.6P1-0.25.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. CVE-2016-1285 SUSE Linux Enterprise Desktop 11 SP4:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Desktop 11 SP4:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Desktop 11 SP4:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-libs-x86-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-libs-x86-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Software Development Kit 11 SP4:bind-devel-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Software Development Kit 11 SP4:bind-devel-9.9.6P1-0.25.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160825-1/ https://www.suse.com/security/cve/CVE-2016-1285.html CVE-2016-1285 https://bugzilla.suse.com/970072 SUSE Bug 970072 https://bugzilla.suse.com/981200 SUSE Bug 981200 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. CVE-2016-1286 SUSE Linux Enterprise Desktop 11 SP4:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Desktop 11 SP4:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Desktop 11 SP4:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-LTSS:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-libs-x86-9.9.6P1-0.25.1 SUSE Linux Enterprise Server 11 SP4:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-chrootenv-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-doc-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-libs-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-libs-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-libs-x86-9.9.6P1-0.25.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bind-utils-9.9.6P1-0.25.1 SUSE Linux Enterprise Software Development Kit 11 SP4:bind-devel-32bit-9.9.6P1-0.25.1 SUSE Linux Enterprise Software Development Kit 11 SP4:bind-devel-9.9.6P1-0.25.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160825-1/ https://www.suse.com/security/cve/CVE-2016-1286.html CVE-2016-1286 https://bugzilla.suse.com/970073 SUSE Bug 970073 https://bugzilla.suse.com/981200 SUSE Bug 981200