ALAS-2015-573

Metadata

high
7.8
bind
CVE-2015-5477
2015-07-28
2017-06-16 18:42
Important CentOS bind Security Update
Important CentOS bind97 Security Update
CVE-2015-5477 bind9
CVE-2015-5477
2017-04-01 21:43
2017-01-05 20:03

Description

As reported upstream, an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
bind bind-9.8.2-0.30.rc1.38.amzn1.src
bind bind-9.8.2-0.30.rc1.38.amzn1.x86_64
bind bind-9.8.2-0.30.rc1.38.amzn1.i686
bind-chroot bind-chroot-9.8.2-0.30.rc1.38.amzn1.x86_64
bind-chroot bind-chroot-9.8.2-0.30.rc1.38.amzn1.i686
bind-debuginfo bind-debuginfo-9.8.2-0.30.rc1.38.amzn1.i686
bind-debuginfo bind-debuginfo-9.8.2-0.30.rc1.38.amzn1.x86_64
bind-devel bind-devel-9.8.2-0.30.rc1.38.amzn1.i686
bind-devel bind-devel-9.8.2-0.30.rc1.38.amzn1.x86_64
bind-libs bind-libs-9.8.2-0.30.rc1.38.amzn1.i686
bind-libs bind-libs-9.8.2-0.30.rc1.38.amzn1.x86_64
bind-sdb bind-sdb-9.8.2-0.30.rc1.38.amzn1.x86_64
bind-sdb bind-sdb-9.8.2-0.30.rc1.38.amzn1.i686
bind-utils bind-utils-9.8.2-0.30.rc1.38.amzn1.x86_64
bind-utils bind-utils-9.8.2-0.30.rc1.38.amzn1.i686