2959 matches found
ntp security update
4.2.2p1-18.el5 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295...
ntp security update
4.2.6p5-2 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - don't mobilize passive association when authentication fails CVE-2014-9296...
glibc: arbitrary code execution
CVE-2012-3406 arbitrary code execution The vfprintf function in stdio-common/vfprintf.c in GNU C Library does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection...
FreeBSD : bind -- denial of service vulnerability (ab3e98d9-8175-11e4-907d-d050992ecde8)
ISC reports : We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...
Debian DSA-3097-1 : unbound - security update
Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit or make emit queries to the server can trick the resolver into following an endless series of...
Fedora 20 : curl-7.32.0-17.fc20 (2014-16538)
make CURLOPT_LOW_SPEED_LIMIT work again with threaded resolver 1172572 - allow to use TLS 1.1 and TLS 1.2 1153814 - disable libcurl-level downgrade to SSLv3 1166567 - low-speed-limit: avoid timeout flood 1166239 - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle CVE-2014-3707 Note that...
[SECURITY] [DLA 107-1] unbound security update
Package : unbound Version : 1.4.6-1+squeeze4 CVE ID : CVE-2014-8602 Debian Bug : 772622 Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit or ma...
[SECURITY] [DSA 3097-1] unbound security update
Debian Security Advisory DSA-3097-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 10, 2014 http://www.debian.org/security/faq...
[SECURITY] [DSA 3097-1] unbound security update
Debian Security Advisory DSA-3097-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 10, 2014 http://www.debian.org/security/faq...
Debian Security Advisory DSA 3097-1 (unbound - security update)
Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit or make emit queries to the server can trick the resolver into following an endless series of...
DSA-3097-1 unbound - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3097-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Recursive DNS resolver implementations may follow referrals infinitely
Overview Recursive DNS resolvers may become stuck following an infinite chain of referrals due to a malicious authoritative server. Description RFC 1034 describes the standard technical issues of enabling domain delegations in DNS, but does not provide a specific implementation, leaving DNS serve...
FreeBSD : unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources (10d73529-7f4b-11e4-af66-00215af774f0)
Unbound developer reports : The resolver can be tricked into following an endless series of delegations, this consumes a lot of resources. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...
unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources
Unbound developer reports: The resolver can be tricked into following an endless series of delegations, this consumes a lot of resources...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
Design/Logic Flaw
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
CVE-2014-4883
CVE-2014-4883 affects the DNS resolver code paths in uIP and lwIP (resolv.c/dns.c for lwIP