Arch Linux: ASA-201702-8 High: Bind Denial Of Service Issue
Feb 10, 2017
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package bind before version 9.11.0.P3-1 is vulnerable to denial of service.
Arch Linux Security Advisory ASA-201702-8 ======================================== Severity: High Date : 2017-02-09 CVE-ID : CVE-2017-3135 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-169 Summary ====== The package bind before version 9.11.0.P3-1 is vulnerable to denial of service. Resolution ========= Upgrade to 9.11.0.P3-1. # pacman -Syu "bind>=9.11.0.P3-1" The problem has been fixed upstream in version 9.11.0.P3. Workaround ========= None. Description ========== A vulnerability has been found in bind < 9.11.0-P3, allowing a remote attacker to trigger an INSIST assertion failure or a NULL pointer read in configurations using both DNS64 and RPZ. Impact ===== A remote unauthenticated attacker can crash a vulnerable server, resulting in denial of service. References ========= https://kb.isc.org/docs/aa-01453 https://security.archlinux.org/CVE-2017-3135
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!