[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 112-1] bind9 security update



Package        : bind9
Version        : 9.7.3.dfsg-1~squeeze13
CVE ID         : CVE-2014-8500
Debian Bug     : 772610

This update fixes a denial of service vulnerability in BIND, a DNS server.

By making use of maliciously-constructed zones or a rogue server, an attacker 
could exploit an oversight in the code BIND 9 used to follow delegations in 
the Domain Name Service, causing BIND to issue unlimited queries in an attempt 
to follow the delegation.

This can lead to resource exhaustion and denial of service (up to and 
including termination of the named server process).

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: