Joined: 12 May 2004
|Posted: Sat Jun 02, 2012 2:26 pm Post subject: [ GLSA 201206-01 ] BIND: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: BIND: Multiple vulnerabilities (GLSA 201206-01)
Date: June 02, 2012
Bug(s): #347621, #356223, #368863, #374201, #374623, #390753
Multiple vulnerabilities have been found in BIND, the worst of
which allowing to cause remote Denial of Service.
BIND is the Berkeley Internet Name Domain Server.
Vulnerable: < 9.7.4_p1
Unaffected: >= 9.7.4_p1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in BIND. Please review the
CVE identifiers referenced below for details.
The vulnerabilities allow remote attackers to cause a Denial of Service
(daemon crash) via a DNS query, to bypass intended access restrictions,
to incorrectly cache a ncache entry and a rrsig for the same type and to
incorrectly mark zone data as insecure.
There is no known workaround at this time.
All bind users should upgrade to the latest version:
NOTE: This is a legacy GLSA. Updates for all affected architectures are
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.7.4_p1"
available since December 22, 2011. It is likely that your system is
no longer affected by this issue.