]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 409f192) | patch
bind: CVE-2015-8704 and CVE-2015-8705
authorDerek Straka <derek@asterius.io>
Mon, 25 Jan 2016 19:15:28 +0000 (14:15 -0500)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 30 Jan 2016 12:08:36 +0000 (12:08 +0000)
commit78ceabeb2df55194f16324d21ba97e81121f996b
tree535a3c97b64fe544e22e00447481e7b595c3edf1tree | snapshot
parent409f19280983b8100a27a773cefbff187cca737acommit | diff
bind: CVE-2015-8704 and CVE-2015-8705

CVE-2015-8704:
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record

CVE-2015-8705:
When debug logging is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option

[YOCTO 8966]

References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch [new file with mode: 0644] blob
meta/recipes-connectivity/bind/bind/CVE-2015-8705.patch [new file with mode: 0644] blob
meta/recipes-connectivity/bind/bind_9.10.2-P4.bb diff | blob | history
Mirror of the official openembedded-core repository