]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 9ef23b0) | patch
bind: CVE-2016-2088
authorJussi Kukkonen <jussi.kukkonen@intel.com>
Fri, 15 Apr 2016 12:03:17 +0000 (15:03 +0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 18 Apr 2016 15:27:45 +0000 (16:27 +0100)
commitda38a9840b32e80464e2938395db5c9167729f7e
treeffacf49c5b65d77dd6927a161dfe0147a267bedctree | snapshot
parent9ef23b0273a87bd19dcc9c21cc1c53b1f8480668commit | diff
bind: CVE-2016-2088

Duplicate EDNS COOKIE options in a response could trigger an
assertion failure: Fix with a backport.

bind as built with the oe-core recipe is not at risk: Only servers
which are built with DNS cookie support (--enable-sit) are vulnerable
to denial of service.

Fixes [YOCTO #9438]

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch [new file with mode: 0644] blob
meta/recipes-connectivity/bind/bind_9.10.3-P3.bb diff | blob | history
Mirror of the official openembedded-core repository