Bug 1385450 (CVE-2016-2848)
Summary: | CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhiru Kholia <dkholia> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | dkholia, fweimer, security-response-team, thozza |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. |
Last Closed: | 2016-10-25 10:42:43 UTC | Type: | --- |
Bug Depends On: | 1385452, 1385453, 1385454, 1385455, 1386548, 1386549, 1386550, 1386551, 1386552 | ||
Bug Blocks: | 1383236 |
Description
Dhiru Kholia
2016-10-17 05:02:43 UTC
Upstream commit:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4

Public now via ISC upstream advisory.

External References:

https://kb.isc.org/article/AA-01433

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:2094 https://rhn.redhat.com/errata/RHSA-2016-2094.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2016:2093 https://rhn.redhat.com/errata/RHSA-2016-2093.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.6 Extended Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support

Via RHSA-2016:2099 https://rhn.redhat.com/errata/RHSA-2016-2099.html