[Secure-testing-team] Bug#830810: bind9: CVE-2016-6170: Improper restriction of zone size limit
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 11 19:01:31 UTC 2016
Source: bind9
Version: 1:9.9.5.dfsg-9
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for bind9.
CVE-2016-6170[0]:
| ISC BIND through 9.10.4-P1 allows primary DNS servers to cause a
| denial of service (secondary DNS server crash) via a large AXFR
| response, and possibly allows IXFR servers to cause a denial of
| service (IXFR client crash) via a large IXFR response and allows
| remote authenticated users to cause a denial of service (primary DNS
| server crash) via a large UPDATE message.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6170
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1353563
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list