BIND vulnerability
Bug #59202 reported by
Patrik Wallström
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bind9 (Ubuntu) |
Fix Released
|
High
|
Martin Pitt | ||
Bug Description
Binary package hint: bind9
Haven't seen any indications of that you have seen this update from ISC...
http://
Please update BIND9 immediately.
Revision history for this message
| Ondřej Surý (ondrej) wrote | #1 |
Revision history for this message
| Martin Pitt (pitti) wrote | #2 |
| Changed in bind9: | |
| assignee: | nobody → pitti |
| importance: | Untriaged → High |
| status: | Unconfirmed → In Progress |
Revision history for this message
| Martin Pitt (pitti) wrote | #3 |
| Changed in bind9: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Martin Pitt (pitti) wrote | #4 |
| Changed in bind9: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Version(s): 9.3.2 and prior versions
Description: A vulnerability was reported in BIND. A remote user can
cause denial of service conditions.
A remote user (DNS server) can send specially crafted RRset responses in
return to a recursive SIG query to cause the requesting named service to
crash [CVE-2006-4095].
A remote user can also send specially crafted queries to trigger an
INSIST failure and cause the requesting service(s) to crash [CVE-2006-4096].
Impact: A remote user can cause the target named service to crash.
Solution: The vendor has issued fixed versions (9.3.2-P1, 9.2.7, and
9.2.6-P1), available at: http://