Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Debian: DSA-4440-1 Moderate: BIND9 Denial of Service & Connection Limits

debian
Calendar Grey May 9, 2019
Debian Logo
A series of security flaws addressed in the BIND DNS server, encompassing concerns related to connection thresholds and potential denial of service threats.
Multiple vulnerabilities were found in the BIND DNS server: CVE-2018-5743
Topics%20covered

Topics Covered

security advisory denial of service security update access control Debian bind9 DNS server

Summary

Multiple vulnerabilities were found in the BIND DNS server:

CVE-2018-5743

Connection limits were incorrectly enforced.

CVE-2018-5745

The "managed-keys" feature was susceptible to denial of service by
triggering an assert.

CVE-2019-6465

ACLs for zone transfers were incorrectly enforced for dynamically
loadable zones (DLZs).

For the stable distribution (stretch), these problems have been fixed in
version 1:9.10.3.dfsg.P4-12.3+deb9u5.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/bind9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
important
Lowest
Low
Medium
High
Critical

Package: bind9
CVE ID: CVE-2018-5743 CVE-2018-5745 CVE-2019-6465

Topics%20covered

Topics Covered

security advisory denial of service security update access control Debian bind9 DNS server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here