bind: multiple vulnerabilities [LWN.net]

Package(s):

bind9

CVE #(s):

CVE-2012-1667 CVE-2012-1033

Created:

June 6, 2012

Updated:

August 7, 2012

Description:

From the

Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667)

It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked. (CVE-2012-1033)

Alerts:

Ubuntu	USN-1462-1	2012-06-05
Debian	DSA-2486-1	2012-06-05
Red Hat	RHSA-2012:0716-01	2012-06-07
Red Hat	RHSA-2012:0717-01	2012-06-07
CentOS	CESA-2012:0716	2012-06-07
CentOS	CESA-2012:0716	2012-06-07
CentOS	CESA-2012:0717	2012-06-07
Oracle	ELSA-2012-0716	2012-06-08
Oracle	ELSA-2012-0716	2012-06-08
Oracle	ELSA-2012-0717	2012-06-08
Scientific Linux	SL-bind-20120607	2012-06-07
Scientific Linux	SL-bind-20120607	2012-06-07
Mandriva	MDVSA-2012:089	2012-06-10
openSUSE	openSUSE-SU-2012:0722-1	2012-06-11
Fedora	FEDORA-2012-8968	2012-06-13
SUSE	SUSE-SU-2012:0741-2	2012-06-15
SUSE	SUSE-SU-2012:0741-1	2012-06-15
Slackware	SSA:2012-166-01	2012-06-14
Fedora	FEDORA-2012-8962	2012-06-15
Fedora	FEDORA-2012-8946	2012-06-15
SUSE	SUSE-SU-2012:0741-3	2012-06-16
SUSE	SUSE-SU-2012:0741-4	2012-06-18
SUSE	SUSE-SU-2012:0741-5	2012-06-27
openSUSE	openSUSE-SU-2012:0863-1	2012-07-11
openSUSE	openSUSE-SU-2012:0864-1	2012-07-11
SUSE	SUSE-SU-2012:0741-6	2012-07-13
Red Hat	RHSA-2012:1110-01	2012-07-23
Oracle	ELSA-2012-2028	2012-08-06
Gentoo	201209-04	2012-09-23
Slackware	SSA:2012-341-01	2012-12-06
openSUSE	openSUSE-SU-2013:0605-1	2013-04-03

(Log in to post comments)