CVE-2016-1285
CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html