User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0013 (bind)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0013: Updated bind package fixes security vulnerability
Date:  Fri, 17 Jan 2014 01:39:10 +0100
Message-ID:  <20140117003910.396DA6CB8B@valstar.mageia.org>

MGASA-2014-0013 - Updated bind package fixes security vulnerability Publication date: 17 Jan 2014 URL: http://advisories.mageia.org/MGASA-2014-0013.html Type: security Affected Mageia releases: 3 CVE: CVE-2014-0591 Description: Updated bind packages fix security vulnerability: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones (CVE-2014-0591). References: - https://bugs.mageia.org/show_bug.cgi?id=12296 - https://kb.isc.org/article/AA-01078 - https://kb.isc.org/article/AA-01080 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591 SRPMS: - 3/core/bind-9.9.4.P2-1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds