Ubuntu
bind9 package

CVE-2011-4313 improper assert

Bug #891389 reported by Pablo Catalina
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
Medium
Marc Deslauriers

Bug Description

http://seclists.org/fulldisclosure/2011/Nov/255

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2347-1 security () debian org
http://www.debian.org/security/ Florian Weimer
November 16, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bind9
Vulnerability : improper assert
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4313

It was discovered that BIND, a DNS server, crashes while processing
certain sequences of recursive DNS queries, leading to a denial of
service. Authoritative-only server configurations are not affected by
this issue.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:9.6.ESV.R4+dfsg-0+lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1:9.7.3.dfsg-1~squeeze4.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce () lists debian org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJOxCMHAAoJEL97/wQC1SS+FV8H/0JRa38A8AXLEbJspONfR2H+
eu0CW1t8SsJBJiMhkWZrGAhr7x30kFnXpzNyBgL7LqLWsWBw9AahHZZqI4oP7u4c
rcau04KWW+fJuA1mtBO0pM5uiYMHPI7ITFWfIgQz89OVOckVCHa4683nfsoafL1p
SORCl3y1E7xLcXnQji83vXUCGx/0YYCMnUCSUg0VMd2ZAIXcv7+Q8GwZOxhMztb8
zmgLkQQ/enZBx7yRqeO9KOSXAGejS311zhxLne+M83qNaRZyuWUFB65QtRb2ng5V
3jXkTjikHfpsDhlYfkcf/2c5tFbpbIPSVfxDZrT3+ClROP7r+Ad6Lk0hqz/rhU8=
=MMeY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

CVE References

Revision history for this message
Pablo Catalina (xkill) wrote :

http://www.isc.org/software/bind/advisories/cve-2011-2464

Changed in bind9 (Ubuntu):
status: New → Confirmed
status: Confirmed → New
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and reporting a bug. This is currently being worked on and will be published shortly.

Changed in bind9 (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Fix Committed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This has been published now:

http://www.ubuntu.com/usn/usn-1264-1/

visibility: private → public
Changed in bind9 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.