rpm package
suse/bind&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-3138 | — | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jan 16, 2019 | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some | ||
| CVE-2017-3137 | — | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jan 16, 2019 | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order | ||
| CVE-2017-3136 | — | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jan 16, 2019 | A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other p | ||
| CVE-2017-3135 | — | < 9.9.9P1-56.1 | 9.9.9P1-56.1 | Jan 16, 2019 | Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9. | ||
| CVE-2016-9444 | Hig | 7.5 | < 9.9.9P1-53.1 | 9.9.9P1-53.1 | Jan 12, 2017 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | |
| CVE-2016-9147 | Hig | 7.5 | < 9.9.9P1-53.1 | 9.9.9P1-53.1 | Jan 12, 2017 | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | |
| CVE-2016-9131 | Hig | 7.5 | < 9.9.9P1-53.1 | 9.9.9P1-53.1 | Jan 12, 2017 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |
| CVE-2016-8864 | Hig | 7.5 | < 9.9.9P1-49.1 | 9.9.9P1-49.1 | Nov 2, 2016 | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re | |
| CVE-2016-2776 | Hig | 7.5 | < 9.9.9P1-46.1 | 9.9.9P1-46.1 | Sep 28, 2016 | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | |
| CVE-2016-2775 | Med | 5.9 | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jul 19, 2016 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |
| CVE-2016-6170 | Med | 6.5 | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jul 6, 2016 | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a | |
| CVE-2016-1286 | Hig | 8.6 | < 9.9.6P1-38.1 | 9.9.6P1-38.1 | Mar 9, 2016 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | |
| CVE-2016-1285 | Med | 6.8 | < 9.9.6P1-38.1 | 9.9.6P1-38.1 | Mar 9, 2016 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka contr | |
| CVE-2015-8704 | Med | 6.5 | < 9.9.6P1-35.1 | 9.9.6P1-35.1 | Jan 20, 2016 | apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. | |
| CVE-2015-8000 | — | < 9.9.6P1-32.1 | 9.9.6P1-32.1 | Dec 16, 2015 | db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. |
- CVE-2017-3138Jan 16, 2019affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some
- CVE-2017-3137Jan 16, 2019affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order
- CVE-2017-3136Jan 16, 2019affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other p
- CVE-2017-3135Jan 16, 2019affected < 9.9.9P1-56.1fixed 9.9.9P1-56.1
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.
- affected < 9.9.9P1-53.1fixed 9.9.9P1-53.1
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
- affected < 9.9.9P1-53.1fixed 9.9.9P1-53.1
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
- affected < 9.9.9P1-53.1fixed 9.9.9P1-53.1
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
- affected < 9.9.9P1-49.1fixed 9.9.9P1-49.1
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re
- affected < 9.9.9P1-46.1fixed 9.9.9P1-46.1
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
- affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
- affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a
- affected < 9.9.6P1-38.1fixed 9.9.6P1-38.1
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
- affected < 9.9.6P1-38.1fixed 9.9.6P1-38.1
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka contr
- affected < 9.9.6P1-35.1fixed 9.9.6P1-35.1
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
- CVE-2015-8000Dec 16, 2015affected < 9.9.6P1-32.1fixed 9.9.6P1-32.1
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.