SUSE: 2015:0480-1 Important: bind Recursion Issues and Crash Fix
suse
March 11, 2015
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...
Summary
This bind updated fixes the following two security issues: * A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query (CVE-2014-8500, bnc#908994). The recursion depth limit is configured via the "max-recursion-depth" option, and the query limit via the "max-recursion-queries" option. * A flaw when handling malformed NSEC3-signed zones could lead named to a crash. (CVE-2014-0591, bnc#858639) Additionally, a non-security bug has been fixed: * Fix handling of TXT records in ldapdump (bnc#743758). Security Issues: * CVE-2014-8500
Topics Covered
References
#743758 #858639 #908994
Cross- CVE-2014-0591 CVE-2014-8500
Affected Products:
SUSE Linux Enterprise Server 11 SP1 LTSS
https://www.suse.com/security/cve/CVE-2014-0591.html
https://www.suse.com/security/cve/CVE-2014-8500.html
https://bugzilla.suse.com/show_bug.cgi?id=743758
https://bugzilla.suse.com/show_bug.cgi?id=858639
https://bugzilla.suse.com/show_bug.cgi?id=908994
https://scc.suse.com:443/patches/
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0480-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!