CVE-2015-8704

Published: 19 January 2016

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
bind9
Launchpad, Ubuntu, Debian
Upstream
Released (9.9.8-P3,9.10.3-P3)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:9.9.5.dfsg-12.1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:9.9.5.dfsg-3ubuntu0.7)

Notes

AuthorNote
jdstrand
these missed OTA9 in vivid/stable-phone-overlay and should be
included in OTA9.5 via https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-snapshot/+packages
landed in rc-proposed in r385 on krillin:
http://people.canonical.com/~lzemczak/landing-team/ubuntu-touch/rc-proposed/ubuntu/krillin/385.commitlog

References