#31897 – Закрыть CVE-2016-1285, CVE-2016-1286

Bug 31897 - Закрыть CVE-2016-1285, CVE-2016-1286

Summary: Закрыть CVE-2016-1285, CVE-2016-1286

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	bind (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 normal
Assignee:	placeholder@altlinux.org
QA Contact:	qa-sisyphus

URL:	https://habrahabr.ru/company/pt/blog/...
Keywords:

Depends on:
Blocks:

Reported:	2016-03-17 15:58 MSK by Vitaly Lipatov
Modified:	2016-03-17 16:44 MSK (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vitaly Lipatov 2016-03-17 15:58:54 MSK

Ошибке CVE-2016-1285 подвержены версии 9.2.0 -> 9.8.8, 9.9.0->9.9.8-P3, 9.9.3-S1->9.9.8-S5, 9.10.0->9.10.3-P3
Ошибке CVE-2016-1286 —версии 9.0.0 -> 9.8.8, 9.9.0 -> 9.9.8-P3, 9.9.3-S1 -> 9.9.8-S5, 9.10.0 -> 9.10.3-P3;

Comment 1 Dmitry V. Levin 2016-03-17 16:14:32 MSK

* Thu Mar 10 2016 Fr. Br. George <george@altlinux> 9.9.8-alt3
- Update to ftp://ftp.isc.org/isc/bind9/9.9.8-P2/bind-9.9.8-P4.tar.gz
- Build with --enable-fetchlimit (Closes: #31701)

Comment 2 Vitaly Lipatov 2016-03-17 16:44:04 MSK

(В ответ на комментарий №1)
> * Thu Mar 10 2016 Fr. Br. George <george@altlinux> 9.9.8-alt3
> - Update to ftp://ftp.isc.org/isc/bind9/9.9.8-P2/bind-9.9.8-P4.tar.gz
Такого файла конечно нет, есть
ftp://ftp.isc.org/isc/bind9/9.9.8-P4/bind-9.9.8-P4.tar.gz

Но нужные изменения вошли в сборку:
+BIND 9.9.8-P4
+
+       BIND 9.9.8-P4 is a security release addressing the flaws
+       described in CVE-2016-1285 and CVE-2016-1286.
+