Security Information / 2015 / Security Information -- DSA-3162-1 bind9

Debian Security Advisory

DSA-3162-1 bind9 -- security update

Date Reported:

18 Feb 2015

Affected Packages:

bind9

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-1349.

More information:

Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".

For the stable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.

We recommend that you upgrade your bind9 packages.