BugTraq
[ GLSA 201110-12 ] Unbound: Denial of Service Oct 15 2011 09:22AM
Tobias Heinlein (keytoaster gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Unbound: Denial of Service
Date: October 15, 2011
Bugs: #309117, #368981
ID: 201110-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple Denial of Service vulnerabilities were found in Unbound.

Background
==========

Unbound is a validating, recursive, and caching DNS resolver.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/unbound < 1.4.10 >= 1.4.10

Description
===========

Multiple vulnerabilities have been discovered in unbound. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Unbound users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/unbound-1.4.10"

References
==========

[ 1 ] CVE-2010-0969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0969
[ 2 ] CVE-2011-1922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1922

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJOmVDvAAoJEByNLmvcM7Du7rgP/A54ysFVPhAevBRaYeTgUvL6
5ugNoHSyomDESDxC0eTq7uny1884U4Uk7SupNY/IpJgmJZ86fVRFv/4QbaqXy/pW
3BEWSziqI+0mn1l9J7WOHz4tQavA/luBWf/WJJi0Q5hVQcpzeoy4EHZhTtQEbZAz
h6bl16GrCUsiJAOO9ZBoevX11ZCUxWomDvVblGBuy8hwGadScx7taWo7Np+Nmznh
Qbn50hqEaBHGhKyOI7+DVupwYL54jJki6CkLVq9GTKQXa0s9FYpUJ4ETGhJgLic+
uji/M/27tBfquHTHYhUU3B/TnJFWmrXgOOy7ocvQ18E1Gv3FTgRbfKbomp7xjcm4
9yczoxdpq4NAUQbxCWO2GpOliEhiIM2nqYuVFmuiAemCjPK9VrfrTp/HEuI1zpMO
Hnw2Psa1Rr9z+2xwCBzJ1h9xBN23bSvu6pKNdBbbhygrw0GKqjDdFx6cbgJ3znin
6NFdloohio2UzJ6JIVK1QeeRFO1C9i2Jas7kNGVeXYaMtBtTug0AUBi9HxoJDuzp
lf99f0+MWD99Y4Pz0zzZ4tZYrFsV/PE9vAILKKu4QVoEqihNxZUEzs9v6nw7+wq8
4XvVolFaisvi4kawB6BqGDVgVEEFFJzerfXdJ4LZG4IwE8wqWaqQXVF9x9ufslNb
0eSxbmie50DtpbWqimVI
=1Jsj
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus