*** This bug is a security vulnerability ***
Public security bug reported:
Package : unbound
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4528 CVE-2011-4869
It was discovered that Unbound, a recursive DNS resolver, would crash
when processing certain malformed DNS responses from authoritative DNS
servers, leading to denial of service.
CVE-2011-4528
Unbound attempts to free unallocated memory during processing
of duplicate CNAME records in a signed zone.
CVE-2011-4869
Unbound does not properly process malformed responses which
lack expected NSEC3 records.
** Affects: unbound (Ubuntu)
Importance: Medium
Status: New
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4528
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4869
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/907983
Title:
Multiple security issues with unbound [DSA 2370-1]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/907983/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
