Advisories » MGASA-2014-0013

Updated bind package fixes security vulnerability

Publication date: 17 Jan 2014
Modification date: 17 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0591

Description

Updated bind packages fix security vulnerability:

Because of a defect in handling queries for NSEC3-signed zones, BIND can
crash with an "INSIST" failure in name.c when processing queries possessing
certain properties. By exploiting this defect an attacker deliberately
constructing a query with the right properties could achieve denial of
service against an authoritative nameserver serving NSEC3-signed zones
(CVE-2014-0591).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12296
• https://kb.isc.org/article/AA-01078
• https://kb.isc.org/article/AA-01080
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

SRPMS

3/core

• bind-9.9.4.P2-1.mga3