bind: CVE-2016-2088

Duplicate EDNS COOKIE options in a response could trigger an assertion failure: Fix with a backport. bind as built with the oe-core recipe is not at risk: Only servers which are built with DNS cookie support (--enable-sit) are vulnerable to denial of service. Fixes [YOCTO #9438] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Jussi Kukkonen <jussi.kukkonen@intel.com> 2016-04-15 15:03:17 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-04-18 16:27:45 +0100
commit: da38a9840b32e80464e2938395db5c9167729f7e (patch)
tree: ffacf49c5b65d77dd6927a161dfe0147a267bedc /meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
parent: 9ef23b0273a87bd19dcc9c21cc1c53b1f8480668 (diff)
download: openembedded-core-da38a9840b32e80464e2938395db5c9167729f7e.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
index 3ad14b235f..1e3a20f9a3 100644
--- a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
+++ b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
@@ -24,6 +24,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://CVE-2016-1285.patch \
            file://CVE-2016-1286_1.patch \
            file://CVE-2016-1286_2.patch \
+           file://CVE-2016-2088.patch \
            "
 
 SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a"
author	Jussi Kukkonen <jussi.kukkonen@intel.com>	2016-04-15 15:03:17 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-04-18 16:27:45 +0100
commit	da38a9840b32e80464e2938395db5c9167729f7e (patch)
tree	ffacf49c5b65d77dd6927a161dfe0147a267bedc /meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
parent	9ef23b0273a87bd19dcc9c21cc1c53b1f8480668 (diff)
download	openembedded-core-da38a9840b32e80464e2938395db5c9167729f7e.tar.gz