CVE-2015-8704 — bind9 - security update

Description

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

How to fix CVE-2015-8704

To remediate CVE-2015-8704, upgrade the affected package to a fixed version below.

Debian/bind9—upgrade to 1:9.10.3.dfsg.P4-6 or later
—upgrade to 1:9.7.3.dfsg-1~squeeze19 or later
—upgrade to 1:9.8.4.dfsg.P1-6+nmu2+deb7u9 or later

Is CVE-2015-8704 being exploited?

Moderate — EPSS is 20.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 1:9.10.3.dfsg.P4-6
from 0, < 1:9.7.3.dfsg-1~squeeze19
from 0, < 1:9.8.4.dfsg.P1-6+nmu2+deb7u9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-8704