Description
Security update for bind
This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue.
Security Issue references:
Package list
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP2
References
- Link for SUSE-SU-2015:0011-2
- E-Mail link for SUSE-SU-2015:0011-2
- SUSE Security Ratings
- SUSE Bug 743758
- SUSE Bug 765315
- SUSE Bug 772945
- SUSE Bug 780157
- SUSE Bug 784602
- SUSE Bug 796112
- SUSE Bug 815230
- SUSE Bug 819475
- SUSE Bug 831899
- SUSE Bug 858639
- SUSE Bug 882511
- SUSE Bug 908994
- SUSE CVE CVE-2012-1667 page
- SUSE CVE CVE-2012-3817 page
- SUSE CVE CVE-2012-4244 page
- SUSE CVE CVE-2012-5166 page
- SUSE CVE CVE-2013-4854 page
Description
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
Affected products
References
- CVE-2012-1667
- SUSE Bug 765315
- SUSE Bug 792926
Description
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Affected products
References
- CVE-2012-3817
- SUSE Bug 772945
- SUSE Bug 792926
- SUSE Bug 986950
Description
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Affected products
References
- CVE-2012-4244
- SUSE Bug 780157
- SUSE Bug 792926
Description
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Affected products
References
- CVE-2012-5166
- SUSE Bug 784602
- SUSE Bug 792926
Description
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Affected products
References
- CVE-2013-4854
- SUSE Bug 831899
Description
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
Affected products
References
- CVE-2014-0591
- SUSE Bug 858639
Description
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
Affected products
References
- CVE-2014-8500
- SUSE Bug 908994
- SUSE Bug 986950