2014-02-04
ALT-BU-2014-2558-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2014-01-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-0591
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
Severity: LOW (2.6)
References:
- APPLE-SA-2014-10-16-3
- APPLE-SA-2014-10-16-3
- http://linux.oracle.com/errata/ELSA-2014-1244
- http://linux.oracle.com/errata/ELSA-2014-1244
- FEDORA-2014-0858
- FEDORA-2014-0858
- FEDORA-2014-0811
- FEDORA-2014-0811
- SUSE-SU-2015:0480
- SUSE-SU-2015:0480
- openSUSE-SU-2014:0199
- openSUSE-SU-2014:0199
- openSUSE-SU-2014:0202
- openSUSE-SU-2014:0202
- HPSBUX02961
- HPSBUX02961
- SSRT101420
- SSRT101420
- 101973
- 101973
- RHSA-2014:0043
- RHSA-2014:0043
- 56425
- 56425
- 56427
- 56427
- 56442
- 56442
- 56493
- 56493
- 56522
- 56522
- 56574
- 56574
- 56871
- 56871
- 61117
- 61117
- 61199
- 61199
- 61343
- 61343
- DSA-3023
- DSA-3023
- FreeBSD-SA-14:04
- FreeBSD-SA-14:04
- MDVSA-2014:002
- MDVSA-2014:002
- 64801
- 64801
- 1029589
- 1029589
- SSA:2014-175-01
- SSA:2014-175-01
- SSA:2014-028-01
- SSA:2014-028-01
- USN-2081-1
- USN-2081-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1051717
- https://bugzilla.redhat.com/show_bug.cgi?id=1051717
- https://kb.isc.org/article/AA-01078
- https://kb.isc.org/article/AA-01078
- https://kb.isc.org/article/AA-01085
- https://kb.isc.org/article/AA-01085
- https://support.apple.com/kb/HT6536
- https://support.apple.com/kb/HT6536