Denial of Service in YADIFA
ID: | DSA-4001-1 |
Distribution: | Debian |
Plattformen: | Debian stretch |
Datum: | Do, 19. Oktober 2017, 18:52 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14339 |
Applikationen: | YADIFA |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4001-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond October 19, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : yadifa CVE ID : CVE-2017-14339 Debian Bug : 876315 It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop. For the stable distribution (stretch), this problem has been fixed in version 2.2.3-1+deb9u1. We recommend that you upgrade your yadifa packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlnoWekACgkQEL6Jg/PV nWToCAf/eUz1gX6shKG3BY5l4yRXlE+yBIp7yfldCF5PzCoCOKdiIANuMD+rgvRV bs349e9NP/FX1dSkqjRYvguPRanrj9aDE2b0XHc2ncDXhtXabl6tHXIkdSSO5HZ5 RvZgOSChxI8Y43HnsSnhAZr9rSBZIzba3COuz35YZIBtv2Sg4RrsWe0MQBKye1cJ RzX+ibsNz/LLdzR0quq8vzKll0ZSnxL3ON1asGise06gNssmNXrS2Fml6T4/jeZ5 kq7unYaPRTl7kMmvzn9mr+Ve7C6/xrWESHdwIlqCnqxvqRCmtEDKJIF9g2VvhaYJ R3+Ylp81dKJIV0BovSYukGTFvN2b9g== =63OJ -----END PGP SIGNATURE----- |