Denial of Service in BIND
ID: | DSA-3703-1 |
Distribution: | Debian |
Plattformen: | Debian jessie |
Datum: | Di, 1. November 2016, 23:02 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 |
Applikationen: | BIND |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3703-1 security@debian.org https://www.debian.org/security/ Florian Weimer November 01, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2016-8864 Debian Bug : 842858 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects recursive resolvers. For the stable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u8. We recommend that you upgrade your bind9 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJYGReoAAoJEL97/wQC1SS+4RQH+wc73x8MRFd+jWShqFWzNbbG BkKff8Q6yGvvJqOlwBBm7+je9r/NpeRPKkjzfOQlzw/vFzQw4KVVTzM/7FRJBoXR AmfBjnl7LOmiqIlRxEMkJUhcnq5z3ATPqtgiz+es6/uQJXWFmufv7hrZ4Yh89EOP c5uJpXipy4bhBMukovcs3qyLHCf5dKxiwW9i1XhV4uJueSWgyM80a+UoeHZgyBFi lYSFPwFr7T1SjVZuzRX9HhbZhyS+YC5Kg6vqMpZ0iP5RS1ZbgFAQM91i9vxpZOh3 QopQ2TOaqwjVdKNA8JhpawHoTx4t+bbdH+T416cUQJwivyS2j7rT2iWVuFcpG1o= =kaus -----END PGP SIGNATURE----- |