Errata overview
Errata ID 350
Date 2015-08-07
Source package bind9
Fixed in version 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528
Description
The DNS server bind9 has been updated to the new release 9.8.4-P1 which
is covered by security maintenance in Debian wheezy. It replaces the
bind9 version 9.8.0-P4 distributed with previous releases of UCS 3.2.
These vulnerabilities have been fixed in bind9:
* Missing error handling in delegation handling could lead to denial
  of service against named (CVE-2014-8500).
* Denial of service when DNSSEC validation and the managed-keys feature
  are enabled (CVE-2015-1349). Neither is enabled in UCS by default.
* Denial of service: crash in DNSSEC validation of specially crafted
  zone data (CVE-2015-4620). Not enabled in UCS by default.
* An error in handling TKEY queries could be used to trigger a
  REQUIRE assertion failure leading to denial of service against
  named (CVE-2015-5477).

For the full list of changes from bind9 9.8.0-P4 to 9.8.4-P1 see:
* https://kb.isc.org/article/AA-00446/81/BIND-9.8.1-Release-Notes.html
* https://kb.isc.org/article/AA-00645/81/BIND-9.8.2-Release-Notes.html
* https://kb.isc.org/article/AA-00670/81/BIND-9.8.3-Release-Notes.html
* https://kb.isc.org/article/AA-00797/81/BIND-9.8.4-Release-Notes.html
* https://kb.isc.org/article/AA-00830/81/BIND-9.8.4-P1-Release-Notes.html
Additional notes
CVE ID CVE-2014-8500, CVE-2015-1349, CVE-2015-4620, CVE-2015-5477
UCS Bug number #37247