[SECURITY] [DSA 3094-1] bind9 security update

2014-12-0821:42:44

lists.debian.org

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.7 High

AI Score

Confidence

High

0.877 High

EPSS

Percentile

98.7%

JSON

Debian Security Advisory DSA-3094-1 [email protected]
http://www.debian.org/security/ Giuseppe Iuculano
December 08, 2014 http://www.debian.org/security/faq

Package : bind9
CVE ID : CVE-2014-8500

It was discovered that BIND, a DNS server, is prone to a denial of
service vulnerability.
By making use of maliciously-constructed zones or a rogue server, an
attacker can exploit an oversight in the code BIND 9 uses to follow
delegations in the Domain Name Service, causing BIND to issue unlimited
queries in an attempt to follow the delegation.
This can lead to resource exhaustion and denial of service
(up to and including termination of the named server process.)

For the stable distribution (wheezy), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu2+deb7u3.

For the upcoming stable distribution (jessie), this problem will be
fixed soon.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7powerpclibisccc80< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3libisccc80_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_powerpc.deb
Debian7mipselbind9-host< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3bind9-host_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_mipsel.deb
Debian6amd64libbind-dev< 1:9.7.3.dfsg-1~squeeze13libbind-dev_1:9.7.3.dfsg-1~squeeze13_amd64.deb
Debian7mipsdnsutils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_mips.deb
Debian7powerpcliblwres80< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3liblwres80_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_powerpc.deb
Debian6i386libdns69< 1:9.7.3.dfsg-1~squeeze13libdns69_1:9.7.3.dfsg-1~squeeze13_i386.deb
Debian7mipselliblwres80< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3liblwres80_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_mipsel.deb
Debian7kfreebsd-amd64bind9utils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3bind9utils_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_kfreebsd-amd64.deb
Debian6i386libisc62< 1:9.7.3.dfsg-1~squeeze13libisc62_1:9.7.3.dfsg-1~squeeze13_i386.deb
Debian7powerpcdnsutils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	powerpc	libisccc80	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	libisccc80_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_powerpc.deb
Debian	7	mipsel	bind9-host	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	bind9-host_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_mipsel.deb
Debian	6	amd64	libbind-dev	< 1:9.7.3.dfsg-1~squeeze13	libbind-dev_1:9.7.3.dfsg-1~squeeze13_amd64.deb
Debian	7	mips	dnsutils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_mips.deb
Debian	7	powerpc	liblwres80	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	liblwres80_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_powerpc.deb
Debian	6	i386	libdns69	< 1:9.7.3.dfsg-1~squeeze13	libdns69_1:9.7.3.dfsg-1~squeeze13_i386.deb
Debian	7	mipsel	liblwres80	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	liblwres80_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_mipsel.deb
Debian	7	kfreebsd-amd64	bind9utils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	bind9utils_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_kfreebsd-amd64.deb
Debian	6	i386	libisc62	< 1:9.7.3.dfsg-1~squeeze13	libisc62_1:9.7.3.dfsg-1~squeeze13_i386.deb
Debian	7	powerpc	dnsutils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u3	dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u3_powerpc.deb