Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-48-1 bind9

Debian Security Advisory

DLA-48-1 bind9 -- LTS security update

Date Reported:

05 Sep 2014

Affected Packages:

bind9

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 735190.
In Mitre's CVE dictionary: CVE-2014-0591.

More information:

Fix denial of service attack when processing NSEC3-signed zone queries, fixed by not calling memcpy with overlapping ranges in bin/named/query.c. - patch backported from 9.8.6-P2 by Marc Deslauriers from the Ubuntu Security team for USN-2081-1.

For Debian 6 Squeeze, these issues have been fixed in bind9 version 9.7.3.dfsg-1~squeeze12