summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/bind/bind_9.9.5.bb
Commit message (Collapse)AuthorAgeFilesLines
* bind: CVE-2016-1285 CVE-2016-1286daisy-eneaSona Sarmadi2016-04-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=31e4657cf246e41d4c5c890315cb6cf89a0db25a CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=ce3cd91caee698cb144e1350c6c78292c6be6339 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-8461Sona Sarmadi2016-04-081-1/+2
| | | | | | | | | | | | | | | | Fixes a race condition when handling socket errors can lead to an assertion failure in resolver.c Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461 Patch is backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch /?id=12cdd6d2b3a6d351ea09799be38e6ddd4c041c17 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-8704Sona Sarmadi2016-04-081-0/+1
| | | | | | | | | | | | | | A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. References: https://kb.isc.org/article/AA-01335 https://kb.isc.org/article/AA-00913 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-8000Sona Sarmadi2016-04-081-0/+1
| | | | | | | | | | | | | | | | | | | Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Huimin She <huimin.she@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722Sona Sarmadi2016-04-081-0/+3
| | | | | | | | | | | | | | | | | | | | | CVE-2015-1349: https://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A- A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html CVE-2015-4620 https://kb.isc.org/article/AA-01267/0/CVE-2015-4620%3A- Specially-Constructed-Zone-Data-Can-Cause-a-Resolver-to-Crash-when-Validating.html CVE-2015-5722 https://kb.isc.org/article/AA-01287/0/CVE-2015-5722%3A- Parsing-malformed-keys-may-cause-BIND-to-exit-due-to-a-failed-assertion-in-buffer.c.html (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Reference: https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/ Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind9.9.5: CVE-2015-5477Sona Sarmadi2015-08-041-0/+1
| | | | | | | | | | | Fixes a flaw in the way BIND handled requests for TKEY DNS resource records. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: fix for CVE-2014-8500Sona Sarmadi2015-07-061-0/+1
| | | | | | | | | | | | | | | | A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. External References: =================== https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\ Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* initial commit for Enea Linux 4.0Adrian Dudau2014-06-261-0/+65
Migrated from the internal git server on the daisy-enea branch Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-07 21:20:48 +0000