]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a13b0a0) | patch
bind: update to 9.10.3-P3
authorDerek Straka <derek@asterius.io>
Sun, 24 Jan 2016 13:13:04 +0000 (08:13 -0500)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 26 Jan 2016 22:31:09 +0000 (22:31 +0000)
commit58d47cdf91076cf055046ce9ec5f3e2e21dae1c0
treea24beba76540e9923cff825a0c2394b79774a542tree | snapshot
parenta13b0a0b79cf4db9f247facf71c03344b60be890commit | diff
bind: update to 9.10.3-P3

Addresses CVE-2015-8704 and CVE-2015-8705

CVE-2015-8704
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record

CVE-2015-8705:
When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option

[YOCTO 8966]

References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705

Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-connectivity/bind/bind_9.10.3-P3.bb [moved from meta/recipes-connectivity/bind/bind_9.10.3-P2.bb with 96% similarity] diff | blob | history
Mirror of the official openembedded-core repository