[3.5] bind: Multiple security issues (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444)ID: oval:org.secpod.oval:def:1800416 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties, after having engineered a scenario whereby an ANY query is sent to the recursive server for the target QNAME. A recursive server will itself only send a query of type ANY if it receives a client query of type ANY for a QNAME for which it has no RRsets at all in cache, otherwise it will respond to the client with the the RRsets that it has available. Affected versions 9.4.0 -
Platform: |
Alpine Linux 3.5 |