Advisories ยป MGASA-2014-0013

Updated bind package fixes security vulnerability

Publication date: 17 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0591


Updated bind packages fix security vulnerability:

Because of a defect in handling queries for NSEC3-signed zones, BIND can
crash with an "INSIST" failure in name.c when processing queries possessing
certain properties. By exploiting this defect an attacker deliberately
constructing a query with the right properties could achieve denial of
service against an authoritative nameserver serving NSEC3-signed zones