Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-163-1 bind9

Debian Security Advisory

DLA-163-1 bind9 -- LTS security update

Date Reported:

01 Mar 2015

Affected Packages:

bind9

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 778733.
In Mitre's CVE dictionary: CVE-2015-1349.

More information:

Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".

For Debian 6 Squeeze, these issues have been fixed in bind9 version 1:9.7.3.dfsg-1~squeeze14