Login
Newsletter
Werbung

Sicherheit: Denial of Service in BIND
Aktuelle Meldungen Distributionen
Name: Denial of Service in BIND
ID: USN-1910-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Datum: Mo, 29. Juli 2013, 17:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
Applikationen: BIND

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============8484537925307502847==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig3DFD9F00FEF123CE8ECF1C6A"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3DFD9F00FEF123CE8ECF1C6A
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1910-1
July 29, 2013

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

Maxim Shudrak discovered that Bind incorrectly handled certain malformed
rdata. A remote attacker could use this flaw with a specially crafted
query to cause Bind to stop responding, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
bind9 1:9.9.2.dfsg.P1-2ubuntu2.1
libdns95 1:9.9.2.dfsg.P1-2ubuntu2.1

Ubuntu 12.10:
bind9 1:9.8.1.dfsg.P1-4.2ubuntu3.3
libdns81 1:9.8.1.dfsg.P1-4.2ubuntu3.3

Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.7
libdns81 1:9.8.1.dfsg.P1-4ubuntu0.7

Ubuntu 10.04 LTS:
bind9 1:9.7.0.dfsg.P1-1ubuntu0.10
libdns64 1:9.7.0.dfsg.P1-1ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1910-1
CVE-2013-4854

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.9.2.dfsg.P1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4.2ubuntu3.3
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.7
https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.10



--------------enig3DFD9F00FEF123CE8ECF1C6A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJR9mfHAAoJEGVp2FWnRL6T2rIP/iXvjdJlryVidzSU7M7A18d1
+1kI3gby5bvpg8OtcucS+HiDEKCr9ux1Ik1BJ7E8C6I/6mqVivTGROUv5i1MI3X0
UDHchS7AMAaN/9nRFtbrQt/R2YZcUdtvgU7kOd3kxYc8qz73xWXO1y34kv2lMRi1
6LEQ8TLa3EpQNj4pi/iQn74spgK3+t9Jka5+s70mrWnl87wGo0hAjL9C0+J2cuJU
HAw34E3OHikHbSc4fdo/IMAHRfJVQLcsPHbw5e7vszwYmycGnB8xQj/y0ZZJjI/9
phE/4FUy7ZuvbH0NE3yKOwEtcfvtZFoP9vLmdEeFbM1J57fvaKnFQTrLXwBQwugV
T0wa2vQILv2kFqY5Q0flUB9k/eK1fQBTj+wD4P3gjX9GuGh4P+gQacuX9OqN4la1
WN6SH81YpK/ZdWrzvvLokJaLI5OIcNyUveAs8ElRFJkfXTXPSFGRy2FAIGzMcNUi
Hwy9Y/dInb0lb9lw3DI9Xda1zLh6OPEfFlk2eX2DFDHWG13p5Le5Z/4ci9ciTOsK
sQ316X5/v1JbvZG6aI8ACMfwfpmAF4+t7d6gv3l2bJ6XZExkuJWGFsIoXjSQnHbL
Gec5E4bq5iX5eAAKmlNMDTVQD4yCDL5mQj/lZCeJ8BrXZ5Vjin0D3qm5L/5x5Cyo
GjFUI1WvU1TZpIqu2x4Q
=iMMD
-----END PGP SIGNATURE-----

--------------enig3DFD9F00FEF123CE8ECF1C6A--


--===============8484537925307502847==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8484537925307502847==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung