1
PublicDateAtUSN: 2016-03-09 20:00:00 UTC
2
Candidate: CVE-2016-1285
3
CRD: 2016-03-09 20:00:00 UTC
6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
7
https://kb.isc.org/article/AA-01352
8
https://usn.ubuntu.com/usn/usn-2925-1
10
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not
11
properly handle DNAME records when parsing fetch reply messages, which
12
allows remote attackers to cause a denial of service (assertion failure and
13
daemon exit) via a malformed packet to the rndc (aka control channel)
14
interface, related to alist.c and sexpr.c.
23
upstream_bind9: released (9.9.8-P4, 9.10.3-P4)
24
precise_bind9: released (1:9.8.1.dfsg.P1-4ubuntu0.16)
25
precise/esm_bind9: released (1:9.8.1.dfsg.P1-4ubuntu0.16)
26
trusty_bind9: released (1:9.9.5.dfsg-3ubuntu0.8)
27
vivid/stable-phone-overlay_bind9: ignored (reached end-of-life)
28
vivid/ubuntu-core_bind9: ignored (reached end-of-life)
29
wily_bind9: released (1:9.9.5.dfsg-11ubuntu1.3)
30
xenial_bind9: not-affected (1:9.10.3.dfsg.P4-1)
31
yakkety_bind9: not-affected (1:9.10.3.dfsg.P4-1)
32
zesty_bind9: not-affected (1:9.10.3.dfsg.P4-1)
33
devel_bind9: not-affected (1:9.10.3.dfsg.P4-1)