Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.2324
bind9 security update
9 December 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: bind9
Publisher: Debian
Operating System: Debian GNU/Linux 7
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-8500
Original Bulletin:
http://www.debian.org/security/2014/dsa-3094
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3094-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 08, 2014 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : bind9
CVE ID : CVE-2014-8500
It was discovered that BIND, a DNS server, is prone to a denial of
service vulnerability.
By making use of maliciously-constructed zones or a rogue server, an
attacker can exploit an oversight in the code BIND 9 uses to follow
delegations in the Domain Name Service, causing BIND to issue unlimited
queries in an attempt to follow the delegation.
This can lead to resource exhaustion and denial of service
(up to and including termination of the named server process.)
For the stable distribution (wheezy), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu2+deb7u3.
For the upcoming stable distribution (jessie), this problem will be
fixed soon.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your bind9 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUhhtUAAoJEI9hzo2UfbETZNgQAK3cYJpGVfcD03AEU5KEkXbO
rUor18BYRz6lCPSeLqIuF0OHR+ForpgV0t1CZ2mtexr3MSgve/LZn1LH5/YnYCLT
2A3UEtNgi7hzChbgQbWTLXTGzn1eOMxq1lS/pS40h0eLWrbKO8DIA+YiLzVm6G4a
rBqHuF+7CoBcRLckk3G2pu+XUFH7SrSFURu8537/ihLqOU7s1vf26G79XmDxFp1m
DHhqJ4A/qRTVwBcTaa7nXkQ3YZ1dNFjiSdq44i8N2NZgXhqPyfkfIEWmYI4pSVHi
rWpW8j8K2EagbovTUcEYG4OW0P+R06oYNT3QP9RaDiGfEqge+L8gb+RJIZFkmh2o
RDdpg3M4B8OZ9JVl/5x4Jdf6LUpfBe1UtAawNC8Fh7B/Xajgsr7mF7DsTBNDSOh9
5BhhSuZrSw2ZVU4rvC4g06lA6lq6GfXzwY8S0M9Mo3BeqvIr2L6BzX7ONUpmBx3n
OAvbTFtaB2LZMoP2JVaa9wMmb2F5c5PMVRphaP+2AxP3KSLOYOCLoEv2gg/6udmU
PC48Pyl2mm5TzSM7URZEP1lqx/lasdjg/XKfq/SkT7ZRXZqdd/aDy1M4R3RBNzWw
dMH+vUHS4qdI2wxKrLkcOQjlQtqHh6+8fWSFb58OLEm7gJB9rMjtFvzcs4nvWiyh
12hvYBbyAjb6ovdvfYsP
=b2o8
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVIY7URLndAQH1ShLAQLiwg//ZWgXc8cyVsJYrkPz+0kn+PEW4dP2b9kz
Q1X7DuLocgSzy8KjHT4S8zr7X7Ni4RSCphu0Urm1FvBO8tvJ5SRA1qRFTZGiOvDU
0SX8v5Ayagc9eLF1R1k9PbhCSuAiAOpP9AFeZF2RozsRHjgasBr1fGrWPtTi/uSA
yH3e6RBITP4m6m/l/gyWBupWu5vS6AOO3jATz0n1eH/QBhmuzs4idwKWrC/nXIeT
WL/wkM2YCuIoE3g8I8DrnWOrVsa/wsWPHxUvCXs6zv3sxNQCv3WaT19KeIjJgfev
pP//WRJ/Nb6FyGFIvd+f0kOvoD85kLOb5MU2rWNr1e5v9rASTAfHuI51oA046zAd
W4M2Xik3HZNApNeagkHpkOl5GCeSD86mwvcpwQOxlNrInCLYHDS02a9BbXEejiKz
cjhR7CLtgceUoGDDC4ugWFcrX4KfipOKtqNeO0mUqnISiwXf6i8vtT3grhilT3S5
V7obvyu23+CarP9B66Yu+35EJqy33nf1XE+zqhhED4p2GDRpQ1/3bWjLaf1Y1/3F
+aTgNjI5p8hg33XjE+ddSFprxm4YBddFFg3AWk99ko+zk/nzw39sMkDYQP7pzzAA
6WYcEebDQwtgH3oR1IHqnBvpgI+aTXl/VuplaSGT97da5Ng8qLChaYm9r5V69s8J
VyyQ4QsH0jc=
=xcFA
-----END PGP SIGNATURE-----