[Full-disclosure] rPSA-2007-0021-1 bind bind-utils
rPath Update Announcements
announce-noreply at rpath.com
Thu Jan 25 23:16:05 GMT 2007
rPath Security Advisory: 2007-0021-1
Published: 2007-01-25
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
bind=/conary.rpath.com at rpl:devel//1/9.3.4-0.1-1
bind-utils=/conary.rpath.com at rpl:devel//1/9.3.4-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
https://issues.rpath.com/browse/RPL-989
Description:
Previous versions of the bind package are vulnerable to two remote
denial of service attacks in which attackers can cause the bind
daemon to to crash or exit unexpectedly by providing malformed
data to the daemon in a DNS request.
Full-Disclosure is hosted and sponsored by Secunia.