Slackware64-13.37 ChangeLog (2015-09-02)

Wed Sep 2 19:36:31 UTC 2015

Upgraded

  • patches/packages/bind-9.9.7_P3-x86_64-1_slack13.37.txz
    This update fixes two denial-of-service vulnerabilities:
    + CVE-2015-5722 is a denial-of-service vector which can be
    exploited remotely against a BIND server that is performing
    validation on DNSSEC-signed records. Validating recursive
    resolvers are at the greatest risk from this defect, but it has not
    been ruled out that it could be exploited against an
    authoritative-only nameserver under limited conditions. Servers
    that are not performing validation are not vulnerable. However,
    ISC does not recommend disabling validation as a workaround to
    this issue as it exposes the server to other types of attacks.
    Upgrading to the patched versions is the recommended solution.
    All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.
    + CVE-2015-5986 is a denial-of-service vector which can be used
    against a BIND server that is performing recursion. Validation
    is not required. Recursive resolvers are at the greatest risk
    from this defect, but it has not been ruled out that it could
    be exploited against an authoritative-only nameserver under
    limited conditions.
    Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to
    CVE-2015-5986.
    For more information, see:
    https://kb.isc.org/article/AA-01287/0
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
    https://kb.isc.org/article/AA-01291/0
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986
    (* Security fix *)