2

USN-808-1: Bind vulnerability

view story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-0696 Description:  =========================================================== Ubuntu Security Notice USN-808-1 July 29, 2009 bind9 vulnerability CVE-2009-0696 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: bind9 1:9.3.2-2ubuntu1.7 Ubuntu 8.04 LTS: bind9 1:9.4.2.dfsg.P2-2ubuntu0.2 Ubuntu 8.10: bind9 1:9.5.0.dfsg.P2-1ubuntu3.2 Ubuntu 9.04: bind9 1:9.5.1.dfsg.P2-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service. (Distributions)