ISC has issued advisories today (March 9): https://kb.isc.org/article/AA-01352 https://kb.isc.org/article/AA-01353 https://kb.isc.org/article/AA-01351 They are high severity, remotely exploitable denial of service vulnerabilities. Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated bind packages fix security vulnerabilities: In ISC BIND before 9.10.3-P4, an error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c (CVE-2016-1285). In ISC BIND before 9.10.3-P4, a problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c (CVE-2016-1286). In ISC BIND before 9.10.3-P4, A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure in resolver.c (CVE-2016-2088). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088 https://kb.isc.org/article/AA-01351 https://kb.isc.org/article/AA-01352 https://kb.isc.org/article/AA-01353 https://kb.isc.org/article/AA-01363 ======================== Updated packages in core/updates_testing: ======================== bind-9.10.3.P4-1.mga5 bind-sdb-9.10.3.P4-1.mga5 bind-utils-9.10.3.P4-1.mga5 bind-devel-9.10.3.P4-1.mga5 bind-doc-9.10.3.P4-1.mga5 from bind-9.10.3.P4-1.mga5.src.rpm
Testing procedure: similar to https://bugs.mageia.org/show_bug.cgi?id=9163#c8
Whiteboard: (none) => has_procedure
Keywords: (none) => validated_updateWhiteboard: has_procedure => has_procedure advisory MGA5-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
URL: (none) => http://lwn.net/Vulnerabilities/679612/
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0107.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
LWN reference for CVE-2016-2088: http://lwn.net/Vulnerabilities/679760/