CVE-2015-5722

Publication date 2 September 2015

Last updated 24 July 2024

Ubuntu priority

Description

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	15.04 vivid	Fixed 1:9.9.5.dfsg-9ubuntu0.3
	14.04 LTS trusty	Fixed 1:9.9.5.dfsg-3ubuntu0.5
	12.04 LTS precise	Fixed 1:9.8.1.dfsg.P1-4ubuntu0.13

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2728-1
Bind vulnerability
2 September 2015

Other references

https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/
https://www.cve.org/CVERecord?id=CVE-2015-5722