Security update for bind

SUSE Security Update: Security update for bind

---

Announcement ID:	SUSE-SU-2015:1322-1
Rating:	important
References:	#939567
Affected Products:	SUSE Linux Enterprise Server 10 SP4 LTSS

---

An update that fixes one vulnerability is now available. It includes one version update.

Description:

bind was updated to fix one security issue:

• CVE-2015-5477: Remote Denial-of-Service via TKEY queries. (bsc#939567)

Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.

Security Issues:

• CVE-2015-5477

Package List:

• SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11P1]:
  • bind-9.6ESVR11P1-0.14.1
  • bind-chrootenv-9.6ESVR11P1-0.14.1
  • bind-devel-9.6ESVR11P1-0.14.1
  • bind-doc-9.6ESVR11P1-0.14.1
  • bind-libs-9.6ESVR11P1-0.14.1
  • bind-utils-9.6ESVR11P1-0.14.1
• SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 9.6ESVR11P1]:
  • bind-libs-32bit-9.6ESVR11P1-0.14.1

References:

• https://www.suse.com/security/cve/CVE-2015-5477.html
• https://bugzilla.suse.com/939567
• https://download.suse.com/patch/finder/?keywords=fe704ff20633640972645403977f8036