MGASA-2012-0258
| Date: | September 7th, 2012 |
| Affected releases: | 2 |
Description:
Updated bind packages fix security vulnerabilities:
High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a bad cache data structure
before it has been initialized (CVE-2012-3817).
Race condition in the ns_client structure management in ISC BIND 9.9.x
before 9.9.1-P2 allows remote attackers to cause a denial of service
(memory consumption or process exit) via a large volume of TCP queries
(CVE-2012-3868).
Updated Packages:
bind-9.9.1.P2-1.mga2
bind-sdb-9.9.1.P2-1.mga2
bind-utils-9.9.1.P2-1.mga2
bind-devel-9.9.1.P2-1.mga2
bind-doc-9.9.1.P2-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868
ftp://ftp.isc.org/isc/bind9/9.9.1-P2/RELEASE-NOTES-BIND-9.9.1-P2.txt
https://kb.isc.org/article/AA-00729
https://kb.isc.org/article/AA-00730
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084813.html
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:119
https://bugs.mageia.org/show_bug.cgi?id=6873
