Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

Ubuntu 14.10: 2437-1 Moderate: Bind Denial Of Service Risk

ubuntu
Calendar Grey December 9, 2014
Dist Ubuntu Esm H88
A vulnerability in Ubuntu's Bind could lead to crashes from specially designed traffic. Apply the latest updates to mitigate possible denial of service vulnerabilities right away.
Bind could be made to crash if it received specially crafted network traffic.

Summary

Bind could be made to crash if it received specially crafted network

traffic.

Software Description:

- bind9: Internet Domain Name Server

Details:

Florian Maury discovered that Bind incorrectly handled delegation. A remote

attacker could possibly use this issue to cause Bind to consume resources

and crash, resulting in a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  bind9                           1:9.9.5.dfsg-4.3ubuntu0.1

Ubuntu 14.04 LTS:
  bind9                           1:9.9.5.dfsg-3ubuntu0.1

Ubuntu 12.04 LTS:
  bind9                           1:9.8.1.dfsg.P1-4ubuntu0.9

Ubuntu 10.04 LTS:
  bind9                           1:9.7.0.dfsg.P1-1ubuntu0.12

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2437-1

CVE-2014-8500

Severity
important
Lowest
Low
Medium
High
Critical

December 09, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.