Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201401-34 ] BIND: Denial of Service
Date: Wed, 29 Jan 2014 22:53:25
Message-Id: 52E985B0.5020301@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201401-34
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: BIND: Denial of Service
9 Date: January 29, 2014
10 Bugs: #437828, #446094, #453974, #463497, #478316, #483208, #498016
11 ID: 201401-34
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in BIND, possibly resulting in
19 Denial of Service.
20
21 Background
22 ==========
23
24 BIND is the Berkeley Internet Name Domain Server.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-dns/bind < 9.9.4_p2 >= 9.9.4_p2
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in BIND. Please review
38 the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker may be able to cause a Denial of Service condition.
44
45 Workaround
46 ==========
47
48 There is no known workaround at this time.
49
50 Resolution
51 ==========
52
53 All BIND users should upgrade to the latest version:
54
55 # emerge --sync
56 # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2"
57
58 References
59 ==========
60
61 [ 1 ] CVE-2012-5166
62 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166
63 [ 2 ] CVE-2012-5688
64 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688
65 [ 3 ] CVE-2012-5689
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689
67 [ 4 ] CVE-2013-2266
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266
69 [ 5 ] CVE-2013-3919
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919
71 [ 6 ] CVE-2013-4854
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854
73 [ 7 ] CVE-2014-0591
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591
75
76 Availability
77 ============
78
79 This GLSA and any updates to it are available for viewing at
80 the Gentoo Security Website:
81
82 http://security.gentoo.org/glsa/glsa-201401-34.xml
83
84 Concerns?
85 =========
86
87 Security is a primary focus of Gentoo Linux and ensuring the
88 confidentiality and security of our users' machines is of utmost
89 importance to us. Any security concerns should be addressed to
90 security@g.o or alternatively, you may file a bug at
91 https://bugs.gentoo.org.
92
93 License
94 =======
95
96 Copyright 2014 Gentoo Foundation, Inc; referenced text
97 belongs to its owner(s).
98
99 The contents of this document are licensed under the
100 Creative Commons - Attribution / Share Alike license.
101
102 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature