ALAS-2015-631 --- bindID: oval:org.secpod.oval:def:1200160 | Date: (C)2016-01-04 (M)2023-12-07 |
Class: PATCH | Family: unix |
An error in the parsing of incoming responses allows some records with an incorrect class to be be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible and could be used as a denial-of-service vector against servers performing recursive queries. CVE-2015-8461 was also issued today for bind, but the Amazon Linux AMI"s version of bind is not impacted by that CVE.
Platform: |
Amazon Linux AMI |