1018700 – (CVE-2016-9131) VUL-0: CVE-2016-9131: bind: malformed response can cause assertion failure during recursion

Bug 1018700 (CVE-2016-9131) - VUL-0: CVE-2016-9131: bind: malformed response can cause assertion failure during recursion

Summary: VUL-0: CVE-2016-9131: bind: malformed response can cause assertion failure du...

Status:	RESOLVED FIXED

Alias:	CVE-2016-9131

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Deadline:	2017-01-16
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2016-9131:7.8:(AV:N/A...
Keywords:

Depends on:
Blocks:	1018699
	Show dependency tree / graph

Clone This Bug

Reported:	2017-01-07 09:58 UTC by Alexander Bergmann
Modified:	2020-09-24 14:55 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Swamp Workflow Management 2017-01-07 23:00:14 UTC

bugbot adjusting priority

Comment 4 Andreas Stieger 2017-01-09 12:04:54 UTC

CRD: 2017-01-11

Comment 5 Swamp Workflow Management 2017-01-09 12:58:12 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-01-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63332

Comment 6 Swamp Workflow Management 2017-01-09 15:59:19 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-01-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63333

Comment 10 Swamp Workflow Management 2017-01-12 01:09:11 UTC

SUSE-SU-2017:0111-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server 12-SP1 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    bind-9.9.9P1-53.1

Comment 11 Swamp Workflow Management 2017-01-12 01:10:16 UTC

SUSE-SU-2017:0112-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE OpenStack Cloud 5 (src):    bind-9.9.6P1-0.36.1
SUSE Manager Proxy 2.1 (src):    bind-9.9.6P1-0.36.1
SUSE Manager 2.1 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP4 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    bind-9.9.6P1-0.36.1

Comment 12 Swamp Workflow Management 2017-01-12 01:11:17 UTC

SUSE-SU-2017:0113-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702,965748
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    bind-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS (src):    bind-9.9.9P1-28.26.1

Comment 13 Alexander Bergmann 2017-01-12 07:48:26 UTC

Public now!

https://kb.isc.org/article/AA-01439/74/CVE-2016-9131

Comment 14 Alexander Bergmann 2017-01-12 07:52:30 UTC

Correct URL:

https://kb.isc.org/article/AA-01439/74/CVE-2016-9131%3A-A-malformed-response-to-an-ANY-query-can-cause-an-assertion-failure-during-recursion.html

Comment 15 Swamp Workflow Management 2017-01-17 18:46:04 UTC

openSUSE-SU-2017:0182-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
openSUSE 13.2 (src):    bind-9.9.6P1-2.28.1

Comment 16 Swamp Workflow Management 2017-01-18 11:09:22 UTC

openSUSE-SU-2017:0193-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
openSUSE Leap 42.2 (src):    bind-9.9.9P1-43.1
openSUSE Leap 42.1 (src):    bind-9.9.9P1-45.1

Comment 17 Marcus Meissner 2017-01-27 10:42:37 UTC

released