FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bind -- multiple vulnerabilities

Affected packages
bind99 < 9.9.8P2
bind910 < 9.10.3P2
bind9-devel < 9.11.0.a20151215
9.3 <= FreeBSD < 9.3_32

Details

VuXML ID a8ec4db7-a398-11e5-85e9-14dae9d210b8
Discovery 2015-11-24
Entry 2015-12-16
Modified 2016-08-09

ISC reports:

Named is potentially vulnerable to the OpenSSL vulnerability described in CVE-2015-3193.

Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. This flaw is disclosed in CVE-2015-8461. [RT #40945]

Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. This flaw is disclosed in CVE-2015-8000. [RT #40987]

References

CVE Name CVE-2015-3193
CVE Name CVE-2015-8000
CVE Name CVE-2015-8461
FreeBSD Advisory SA-15:27.bind
URL https://kb.isc.org/article/AA-01317/0/CVE-2015-8000%3A-Responses-with-a-malformed-class-attribute-can-trigger-an-assertion-failure-in-db.c.html
URL https://kb.isc.org/article/AA-01319/0/CVE-2015-8461%3A-A-race-condition-when-handling-socket-errors-can-lead-to-an-assertion-failure-in-resolver.c.html
URL https://kb.isc.org/article/AA-01328/0/BIND-9.10.3-P2-Release-Notes.html