| |||||||||||||||||||
Ubuntu alert USN-1139-1 (bind9)
========================================================================== Ubuntu Security Notice USN-1139-1 May 30, 2011 bind9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: An attacker could send crafted input to Bind and cause it to crash. Software Description: - bind9: Internet Domain Name Server Details: It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 10.04 LTS. (CVE-2010-3762) Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. (CVE-2011-1910) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libdns69 1:9.7.3.dfsg-1ubuntu2.1 Ubuntu 10.10: libdns66 1:9.7.1.dfsg.P2-2ubuntu0.3 Ubuntu 10.04 LTS: libdns64 1:9.7.0.dfsg.P1-1ubuntu0.2 Ubuntu 8.04 LTS: libdns36 1:9.4.2.dfsg.P2-2ubuntu0.7 In general, a standard system update will make all the necessary changes. References: CVE-2010-3762, CVE-2011-1910 Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1... https://launchpad.net/ubuntu/+source/bind9/1:9.7.1.dfsg.P... https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P... https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.P... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||