]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 76ef966) | patch
bind: CVE-2015-8000
authorSona Sarmadi <sona.sarmadi@enea.com>
Mon, 21 Dec 2015 11:35:20 +0000 (12:35 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 30 Jan 2016 12:02:29 +0000 (12:02 +0000)
commitc9c42b0ec2c7b9b3e613f68db06230ebc6e2711c
treef5b65c671bff85ae0c2a70b7b03559904f11ed84tree | snapshot
parent76ef966b1f47663f570e87aeb21bc98147b0eca2commit | diff
bind: CVE-2015-8000

Fixes a denial of service in BIND.

An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.

[YOCTO #8838]

References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch [new file with mode: 0644] blob
meta/recipes-connectivity/bind/bind_9.9.5.bb diff | blob | history
Mirror of the official openembedded-core repository