SuSE 11.3 Security Update : bind (SAT Patch Number 10100)
bind has been updated to version 9.9.6P1, fixing the following security issue : - A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of...
DNS Label Compression Recursion Denial of Service - Ver2 (CVE-2007-1030)
A denial-of-service vulnerability has been reported in Niels Provos Libevent. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
SOL15931 - Unbound vulnerability CVE-2014-8602
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3106)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3106 advisory. - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224059 CVE-2014-5471 CVE-2014-5472 Tenable has extracted...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3107)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3107 advisory. - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224060 CVE-2014-5471 CVE-2014-5472 Tenable has extracted...
MGASA-2014-0537 Updated file packages fix security vulnerabilities
Updated file packages fix security vulnerabilities: Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption (CVE-2014-8116). Thomas Jarosch of Intra2net AG reported that using th...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.36.13uek - net: guard tcp_set_keepalive to tcp sockets Eric Dumazet Orabug: 20224099 CVE-2012-6657 - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224061 CVE-2014-5471 CVE-2014-5472 - x86_64, traps: Stop using IST for SS Andy Lutomirski...
SOL15927 - BIND vulnerability CVE-2014-8500
The LTM and GTM modules are not vulnerable by default. To be vulnerable, recursion must be manually enabled in the BIND named.conf file. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-55.1.2.el6uek - isofs: Fix unbounded recursion when processing relocated directories Jan Kara Orabug: 20224059 CVE-2014-5471 CVE-2014-5472 - x86_64, traps: Stop using IST for SS Andy Lutomirski Orabug: 20224027 CVE-2014-9090 CVE-2014-9322...
CVE-2014-8117
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors...
DEBIAN-CVE-2014-8117
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors...
Design/Logic Flaw
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors...
CVE-2014-8117
CVE-2014-8117 affects the file utility; the softmagic.c code path in file before 5.21 does not properly limit recursion, enabling a remote attacker to trigger a denial of service (CPU consumption or crash) via unspecified vectors. Connected advisories confirm this issue alongside CVE-2014-8116 an...
EUVD-2014-7962
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors...
UBUNTU-CVE-2014-8117
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors...
Cross site scripting
Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to...
FreeBSD : bind -- denial of service vulnerability (ab3e98d9-8175-11e4-907d-d050992ecde8)
ISC reports : We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...
Some Recursive DNS Implementations Patch DoS Vulnerability
UPDATE: Some domain name system (DNS) server implementations are at risk for denial-of-service attacks after a vulnerability was disclosed and patched in a few popular server packages, including BIND, OpenDNS, PowerDNS and NLnetLabs. According to an advisory from DHS and the CERT Coordination Cente...