Debian Security Advisory

DLA-48-1 bind9 -- LTS security update

Date Reported:
05 Sep 2014
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 735190.
In Mitre's CVE dictionary: CVE-2014-0591.
More information:

Fix denial of service attack when processing NSEC3-signed zone queries, fixed by not calling memcpy with overlapping ranges in bin/named/query.c. - patch backported from 9.8.6-P2 by Marc Deslauriers from the Ubuntu Security team for USN-2081-1.

For Debian 6 Squeeze, these issues have been fixed in bind9 version 9.7.3.dfsg-1~squeeze12