code.ossystems Code Review - openembedded-core.git/commit

author	Sona Sarmadi <sona.sarmadi@enea.com>
	Wed, 13 Apr 2016 06:32:15 +0000 (08:32 +0200)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 14 Apr 2016 09:58:27 +0000 (10:58 +0100)
commit	080d1a313e4982dd05846b375ebf936c46934d80
tree	85f2ff1326f8cc0c3568b6deafb1748eb132f8e8	tree \| snapshot
parent	e951a8970b456de71f6596f061211a48adce3e3a	commit \| diff

bind: CVE-2016-1285 CVE-2016-1286

Fixes following vulnerabilities:
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure

[YOCTO #9400]

External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286

References to the Upstream commits and Security Advisories:
===========================================================
CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=70037e040e587329cec82123e12b9f4f7c945f67

CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=a3d327bf1ceaaeabb20223d8de85166e940b9f12

CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=7602be276a73a6eb5431c5acd9718e68a55e8b61

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/bind/bind_9.10.3-P3.bb		diff \| blob \| history