Debian Security Advisory
DSA-2196-1 maradns -- buffer overflow
- Date Reported:
- 19 Mar 2011
- Affected Packages:
- maradns
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 610834.
In Mitre's CVE dictionary: CVE-2011-0520. - More information:
-
Witold Baryluk discovered that MaraDNS, a simple security-focused Domain Name System server, may overflow an internal buffer when handling requests with a large number of labels, causing a server crash and the consequent denial of service.
For the oldstable distribution (lenny), this problem has been fixed in version 1.3.07.09-2.1.
For the stable distribution (squeeze) and greater this problem had already been fixed in version 1.4.03-1.1.
We recommend that you upgrade your maradns packages.