Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-201311-19 Important: Bind Authorization Flaw

gentoo
Calendar Grey November 28, 2013
Dist Gentoo Esm H88
Unbound is susceptible to multiple Denial of Service vulnerabilities, and users are advised to apply the necessary updates as outlined in the provided guidance.
Multiple Denial of Service vulnerabilities have been found in Unbound.

Summary

Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory denial of service dns resolver normal severity unbound

Resolution

All Unbound users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.4.13_p2"

References

[ 1 ] CVE-2011-4528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4528 [ 2 ] CVE-2011-4869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4869

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201311-18
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
important
Lowest
Low
Medium
High
Critical

Severity: Normal
Title: Unbound: Denial of Service
Date: November 28, 2013
Bugs: #395287
ID: 201311-18

Topics%20covered

Topics Covered

security advisory denial of service dns resolver normal severity unbound

Synopsis

Multiple Denial of Service vulnerabilities have been found in Unbound.

Background

Unbound is a validating, recursive, and caching DNS resolver.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/unbound < 1.4.13_p2 >= 1.4.13_p2

Impact

===== A remote attacker could possibly cause a Denial of Service condition via a specially crafted response.

Workaround

There is no known workaround at this time.

Related News

Your message here