From 71129828ff4cfda3d66aa9378be3c5a53f2beb8b Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Thu, 7 Apr 2016 12:27:27 +0200 Subject: bind: CVE-2016-1285 CVE-2016-1286 CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=31e4657cf246e41d4c5c890315cb6cf89a0db25a CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=ce3cd91caee698cb144e1350c6c78292c6be6339 Signed-off-by: Sona Sarmadi Signed-off-by: Tudor Florea Signed-off-by: Sona Sarmadi --- meta/recipes-connectivity/bind/bind_9.9.5.bb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta/recipes-connectivity/bind/bind_9.9.5.bb') diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index 68f5367a4b..80e2ca6cf5 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb @@ -21,6 +21,10 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://CVE-2015-8000.patch \ file://CVE-2015-8704.patch \ file://CVE-2015-8461.patch \ + file://CVE-2016-1285.patch \ + file://fix-typo-in-CVE-2016-1285.patch \ + file://CVE-2016-1286_1.patch \ + file://CVE-2016-1286_2.patch \ " SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" -- cgit v1.2.3-54-g00ecf