Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Ubuntu 15.04 and 14.04 LTS: USN-2693-1 Critical Bind DoS Threat

ubuntu
Calendar Grey July 28, 2015
Scroller Ubuntu
Significant news regarding Bind9 for Ubuntu has been released, focusing on countering denial of service threats posed by uniquely designed network packets.
Bind could be made to crash if it received specially crafted network traffic.

Summary

Bind could be made to crash if it received specially crafted network

traffic.

Software Description:

- bind9: Internet Domain Name Server

Details:

Jonathan Foote discovered that Bind incorrectly handled certain TKEY

queries. A remote attacker could use this issue with a specially crafted

packet to cause Bind to crash, resulting in a denial of service.

(CVE-2015-5477)

Pories Ediansyah discovered that Bind incorrectly handled certain

configurations involving DNS64. A remote attacker could use this issue with

a specially crafted query to cause Bind to crash, resulting in a denial of

service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  bind9                           1:9.9.5.dfsg-9ubuntu0.2

Ubuntu 14.04 LTS:
  bind9                           1:9.9.5.dfsg-3ubuntu0.4

Ubuntu 12.04 LTS:
  bind9                           1:9.8.1.dfsg.P1-4ubuntu0.12

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2693-1

CVE-2012-5689, CVE-2015-5477

Severity
critical
Lowest
Low
Medium
High
Critical

July 28, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.