Monday, July 29, 2013

[USN-1910-1] Bind vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJR9mfHAAoJEGVp2FWnRL6T2rIP/iXvjdJlryVidzSU7M7A18d1
+1kI3gby5bvpg8OtcucS+HiDEKCr9ux1Ik1BJ7E8C6I/6mqVivTGROUv5i1MI3X0
UDHchS7AMAaN/9nRFtbrQt/R2YZcUdtvgU7kOd3kxYc8qz73xWXO1y34kv2lMRi1
6LEQ8TLa3EpQNj4pi/iQn74spgK3+t9Jka5+s70mrWnl87wGo0hAjL9C0+J2cuJU
HAw34E3OHikHbSc4fdo/IMAHRfJVQLcsPHbw5e7vszwYmycGnB8xQj/y0ZZJjI/9
phE/4FUy7ZuvbH0NE3yKOwEtcfvtZFoP9vLmdEeFbM1J57fvaKnFQTrLXwBQwugV
T0wa2vQILv2kFqY5Q0flUB9k/eK1fQBTj+wD4P3gjX9GuGh4P+gQacuX9OqN4la1
WN6SH81YpK/ZdWrzvvLokJaLI5OIcNyUveAs8ElRFJkfXTXPSFGRy2FAIGzMcNUi
Hwy9Y/dInb0lb9lw3DI9Xda1zLh6OPEfFlk2eX2DFDHWG13p5Le5Z/4ci9ciTOsK
sQ316X5/v1JbvZG6aI8ACMfwfpmAF4+t7d6gv3l2bJ6XZExkuJWGFsIoXjSQnHbL
Gec5E4bq5iX5eAAKmlNMDTVQD4yCDL5mQj/lZCeJ8BrXZ5Vjin0D3qm5L/5x5Cyo
GjFUI1WvU1TZpIqu2x4Q
=iMMD
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1910-1
July 29, 2013

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

Maxim Shudrak discovered that Bind incorrectly handled certain malformed
rdata. A remote attacker could use this flaw with a specially crafted
query to cause Bind to stop responding, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
bind9 1:9.9.2.dfsg.P1-2ubuntu2.1
libdns95 1:9.9.2.dfsg.P1-2ubuntu2.1

Ubuntu 12.10:
bind9 1:9.8.1.dfsg.P1-4.2ubuntu3.3
libdns81 1:9.8.1.dfsg.P1-4.2ubuntu3.3

Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.7
libdns81 1:9.8.1.dfsg.P1-4ubuntu0.7

Ubuntu 10.04 LTS:
bind9 1:9.7.0.dfsg.P1-1ubuntu0.10
libdns64 1:9.7.0.dfsg.P1-1ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1910-1
CVE-2013-4854

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.9.2.dfsg.P1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4.2ubuntu3.3
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.7
https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.10

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)