-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2656-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso March 30, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2013-2266 Debian Bug : 704174 Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze10. For the testing distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu1. For the unstable distribution (sid), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu1. We recommend that you upgrade your bind9 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQEcBAEBCgAGBQJRVwfuAAoJEG3bU/KmdcClTN8H/RFFGZtUqsNOL2f1h37luA37 ue0ijzAQewC+BSYn6sGTYItmiPDMU5Ok5m6LdYI5U5f/+47FBUcIQJv569zI5IKt J7gKlsNXCAQfV0eYZu0FctfSMn23QoKBSBF7j5PTwW6RiP2PvcocRa/lvYmT2GIU K6F5/Gmfk8VQRyCbsy26T7J3d3PuKIKYV2LGTUvKhIJKPhokrm5nESBTrE/0nmW7 9I/PSqK35nTiLyCBZinY0G3xl6UhrlQxxqHCryrFVZQVkOn8pUR06tulkJsx6rHW k8GgPkPk5w0oPs5VEk9WfLLgFX+ukvGS+DWFZyIT7lMPvQ2ac8aGDjpm0bu6Ys8= =7ACF -----END PGP SIGNATURE-----