Multiple security issues with unbound [DSA 2370-1]
Bug #907983 reported by
Scott Kitterman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unbound (Ubuntu) |
Fix Released
|
Medium
|
Scott Kitterman | ||
Lucid |
Fix Released
|
Medium
|
Scott Kitterman | ||
Maverick |
Fix Released
|
Medium
|
Scott Kitterman | ||
Natty |
Fix Released
|
Medium
|
Scott Kitterman | ||
Oneiric |
Fix Released
|
Medium
|
Scott Kitterman | ||
Precise |
Fix Released
|
Medium
|
Scott Kitterman |
Bug Description
Package : unbound
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4528 CVE-2011-4869
It was discovered that Unbound, a recursive DNS resolver, would crash
when processing certain malformed DNS responses from authoritative DNS
servers, leading to denial of service.
CVE-2011-4528
Unbound attempts to free unallocated memory during processing
of duplicate CNAME records in a signed zone.
CVE-2011-4869
Unbound does not properly process malformed responses which
lack expected NSEC3 records.
visibility: | private → public |
To post a comment you must log in.
Fixed in Debian Unstable in 1.4.14. Having that synced to take care of Precise.