Login
Newsletter
Werbung

Sicherheit: Denial of Service in BIND
Aktuelle Meldungen Distributionen
Name: Denial of Service in BIND
ID: USN-1601-1
Distribution: Ubuntu
Plattformen: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Datum: Mi, 10. Oktober 2012, 15:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
Applikationen: BIND

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5048238744571056244==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig9EECC719A2F844FF8DCF9034"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9EECC719A2F844FF8DCF9034
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1601-1
October 10, 2012

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

Jake Montgomery discovered that Bind incorrectly handled certain specific
combinations of RDATA. A remote attacker could use this flaw to cause Bind
to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.4

Ubuntu 11.10:
bind9 1:9.7.3.dfsg-1ubuntu4.5

Ubuntu 11.04:
bind9 1:9.7.3.dfsg-1ubuntu2.7

Ubuntu 10.04 LTS:
bind9 1:9.7.0.dfsg.P1-1ubuntu0.8

Ubuntu 8.04 LTS:
bind9 1:9.4.2.dfsg.P2-2ubuntu0.12

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1601-1
CVE-2012-5166

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.4
https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu4.5
https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu2.7
https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.8
https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.P2-2ubuntu0.12



--------------enig9EECC719A2F844FF8DCF9034
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQdXFGAAoJEGVp2FWnRL6TVG8P/1ru3L9yHGpvViPCoIawsiyY
t1uEC8vLaMigESm5PocyYXnhHYAyASTb+9xZxBmNlORNToG/snkPJS372rEltskN
h6VPpJM9Q+kdZ07MUoSsgUENJcWoPJTNQPuqr/56yVBPS14KkiTpISYTtw+k1bUj
kAqHxEsJ/ywDlS2bq/VQ5SbbWD5v6ge8hiJlcVQDScme9iqXQesD32EiAyn0gtsE
p4rtHjQrtu9UQgmUO9cbE9YafhdZzuiPntBjxHiiPmojKVsc7C9XnHpM2eUaJZWY
WIUi8av4d6XefpyHDqIGVHJN1ADpGmcJD4okJ3eOyQbWZRosv/2yrv3bQb1iMP6E
h0Okmt2c69L56kgsCduwzjZCYeguVRjYkOlmvZA9XmZ09KwGRHnXUtUKIgnz/NAQ
uRocMsePz0MqLqN841ABUemOypWlrIy9tu9QnnCNAv6aJfM327pF+tMapuNEGXoQ
p6ouPpIASfYq1SG5FosFXby94Ywsvdw3r4Z+9sEmq6yU3gzGByd3CtcRpq/y2AF9
SYdr/eLuoM9/R24XDXd9fd9BVBoFlGKKOKAuuWWBX7O30sTBleWS2lSGrp0hFAXb
iFH31ykkLFk3r6dT1OsiCWhZAZIfhgy5J6/w+pwhQF1gN3l02xr3hQsHKc+wJ9lM
P14clyyCqWULDjUufh9s
=DIbv
-----END PGP SIGNATURE-----

--------------enig9EECC719A2F844FF8DCF9034--


--===============5048238744571056244==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5048238744571056244==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung