- -------------------------------------------------------------------------
Debian Security Advisory DSA-3304-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 07, 2015                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2015-4620

Breno Silveira Soares of Servico Federal de Processamento de Dados
(SERPRO) discovered that the BIND DNS server is prone to a denial of
service vulnerability. A remote attacker who can cause a validating
resolver to query a zone containing specifically constructed contents
can cause the resolver to terminate with an assertion failure, resulting
in a denial of service to clients relying on the resolver.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u5.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org