Security update for bind
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:2697-2
Final
1
1
2016-11-02T08:34:38Z
current
2016-11-02T08:34:38Z
2016-11-02T08:34:38Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for bind
This update for bind fixes the following issues:
- A defect in BIND's handling of responses containing a DNAME answer had
the potential to trigger assertion errors in the server remotely,
thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829).
- Fix BIND to return a valid hostname in response to ldapdump queries.
(bsc#965748)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-RPI-12-SP2-2016-1588
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20162697-2/
Link for SUSE-SU-2016:2697-2
https://lists.suse.com/pipermail/sle-security-updates/2016-November/002390.html
E-Mail link for SUSE-SU-2016:2697-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1007829
SUSE Bug 1007829
https://bugzilla.suse.com/965748
SUSE Bug 965748
https://www.suse.com/security/cve/CVE-2016-8864/
SUSE CVE CVE-2016-8864 page
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-9.9.9P1-49.1
bind-chrootenv-9.9.9P1-49.1
bind-doc-9.9.9P1-49.1
bind-libs-9.9.9P1-49.1
bind-utils-9.9.9P1-49.1
bind-9.9.9P1-49.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-chrootenv-9.9.9P1-49.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-doc-9.9.9P1-49.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-libs-9.9.9P1-49.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-utils-9.9.9P1-49.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
CVE-2016-8864
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-9.9.9P1-49.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-chrootenv-9.9.9P1-49.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-doc-9.9.9P1-49.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-libs-9.9.9P1-49.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-utils-9.9.9P1-49.1
important
5
AV:N/AC:L/Au:N/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162697-2/
https://www.suse.com/security/cve/CVE-2016-8864.html
CVE-2016-8864
https://bugzilla.suse.com/1007829
SUSE Bug 1007829
https://bugzilla.suse.com/1018700
SUSE Bug 1018700
https://bugzilla.suse.com/1018701
SUSE Bug 1018701
https://bugzilla.suse.com/1018702
SUSE Bug 1018702
https://bugzilla.suse.com/1020526
SUSE Bug 1020526
https://bugzilla.suse.com/1024130
SUSE Bug 1024130
https://bugzilla.suse.com/1033466
SUSE Bug 1033466