Summary: | <net-dns/bind-9.9.2_p2: Regular Expression Handling Denial of Service Vulnerability (CVE-2013-2266) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | axiator, idl0r |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/52782/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-03-27 15:24:17 UTC
9.9.2-P2 has been added.

(In reply to comment #1)
> 9.9.2-P2 has been added.

Thanks, Christian. Is this ready for stabilization?

(In reply to comment #2)
> (In reply to comment #1)
> > 9.9.2-P2 has been added.
>
> Thanks, Christian. Is this ready for stabilization?

Yes.

Arches, please test and mark stable:
=net-dns/bind-9.9.2_p2
Target KEYWORDS: "alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"

amd64 stable

x86 stable

Stable for HPPA.

CVE-2013-2266 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266):
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

ppc stable

ppc64 stable

alpha stable

arm stable

ia64 stable

sparc stable

s390 stable

sh stable

Added to existing GLSA draft.

This issue was resolved and addressed in GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml by GLSA coordinator Sean Amoss (ackle).