Debian Security Advisory
DSA-2370-1 unbound -- several vulnerabilities
- Date Reported:
- 22 Dec 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-4528, CVE-2011-4869.
- More information:
It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.
Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone.
Unbound does not properly process malformed responses which lack expected NSEC3 records.
For the oldstable distribution (lenny), these problems have been fixed in version 1.4.6-1~lenny2.
For the stable distribution (squeeze), these problems have been fixed in version 1.4.6-1+squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.4.14-1.
We recommend that you upgrade your unbound packages.