UbuntuUpdates.org

Package "libisc83"

Name: libisc83

Description:

ISC Shared Library used by BIND

Latest version: 1:9.8.1.dfsg.P1-4ubuntu0.32
Release: precise (12.04)
Level: updates
Repository: main
Head package: bind9

Links


Download "libisc83"


Other versions of "libisc83" in Precise

Repository Area Version
base main 1:9.8.1.dfsg.P1-4
security main 1:9.8.1.dfsg.P1-4ubuntu0.32

Changelog

Version: 1:9.8.1.dfsg.P1-4ubuntu0.18 2016-10-21 10:06:37 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.18) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed options
    - Backported upstream commit 4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
    - CVE-2016-2848

 -- Marc Deslauriers <email address hidden> Mon, 17 Oct 2016 14:39:54 +0200

Source diff to previous version
CVE-2016-2848 A packet with malformed options can trigger an assertion failure

Version: 1:9.8.1.dfsg.P1-4ubuntu0.17 2016-09-27 15:06:37 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via assertion failure
    - lib/dns/message.c: properly handle lengths.
    - backported from patch provided by upstream.
    - CVE-2016-2776

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 14:42:15 -0400

Source diff to previous version
CVE-2016-2776 RESERVED

Version: 1:9.8.1.dfsg.P1-4ubuntu0.16 2016-03-10 10:06:26 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.16) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via rndc control channel input
    parsing error
    - properly check data in bin/named/control.c, bin/named/controlconf.c,
      bin/rndc/rndc.c, lib/isccc/cc.c.
    - CVE-2016-1285
  * SECURITY UPDATE: denial of service via resource record signatures
    parsing issue
    - fix improper DNAME handling in lib/dns/resolver.c.
    - CVE-2016-1286

 -- Marc Deslauriers <email address hidden> Tue, 08 Mar 2016 08:35:01 -0500

Source diff to previous version

Version: 1:9.8.1.dfsg.P1-4ubuntu0.15 2016-01-19 23:06:43 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.15) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers Mon, 18 Jan 2016 07:56:11 -0500

Source diff to previous version
CVE-2015-8704 Specific APL data could trigger an INSIST in apl_42.c

Version: 1:9.8.1.dfsg.P1-4ubuntu0.14 2015-12-15 23:06:35 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.14) precise-security; urgency=medium

  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

 -- Marc Deslauriers Mon, 14 Dec 2015 13:48:33 -0500

CVE-2015-8000 Responses with a malformed class attribute can trigger an assertion failure in db.c



About   -   Send Feedback to @ubuntu_updates