Security update for bind

SUSE Security Update: Security update for bind
Announcement ID: SUSE-SU-2016:0227-1
Rating: important
References: #939567 #944066 #958861 #962189
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4 LTSS

  • An update that fixes four vulnerabilities is now available. It includes one version update.

    Description:

    This update for bind fixes the following issues:

    • CVE-2015-8000: Remote denial of service by mis-parsing incoming responses. (bsc#958861)
    • CVE-2015-5722: DoS against servers performing validation on DNSSEC-signed records. (bsc#944066)
    • CVE-2015-5477: DoS against authoritative and recursive servers.
    • CVE-2015-8704: Specific APL data could trigger a crash. (bsc#962189)

    Security Issues:

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11P1]:
      • bind-9.6ESVR11P1-0.18.1
      • bind-chrootenv-9.6ESVR11P1-0.18.1
      • bind-devel-9.6ESVR11P1-0.18.1
      • bind-doc-9.6ESVR11P1-0.18.1
      • bind-libs-9.6ESVR11P1-0.18.1
      • bind-utils-9.6ESVR11P1-0.18.1
    • SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 9.6ESVR11P1]:
      • bind-libs-32bit-9.6ESVR11P1-0.18.1

    References: