FreeBSD Security Advisory FreeBSD-SA-13:04.bind
Husnu Demir
hdemir at metu.edu.tr
Wed Apr 3 10:01:58 UTC 2013
Sorry, my mistake.
hdemir.
On 03-04-2013 12:48, Husnu Demir wrote:
> Merve,
>
> Could you make sure the places where we use BIND get updated?
>
> hdemir.
>
>
> On 02-04-2013 21:04, FreeBSD Security Advisories wrote:
>> =============================================================================
>> FreeBSD-SA-13:04.bind                                       Security Advisory
>>                                                           The FreeBSD Project
>
>> Topic:          BIND remote denial of service
>
>> Category:       contrib
>> Module:         bind
>> Announced:      2013-04-02
>> Credits:        Matthew Horsfall of Dyn, Inc.
>> Affects:        FreeBSD 8.4-BETA1 and FreeBSD 9.x
>> Corrected:      2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
>>                 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
>>                 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
>>                 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
>> CVE Name:       CVE-2013-2266
>
>> For general information regarding FreeBSD Security Advisories,
>> including descriptions of the fields above, security branches,
>> and the following sections, please visit
>> <URL:http://security.FreeBSD.org/>.
>
>> I. Background
>
>> BIND 9 is an implementation of the Domain Name System (DNS)
>> protocols. The named(8) daemon is an Internet Domain Name
>> Server. The libdns library is a library of DNS protocol support
>> functions.
>
>> II. Problem Description
>
>> A flaw in a library used by BIND allows an attacker to
>> deliberately cause excessive memory consumption by the named(8)
>> process. This affects both recursive and authoritative servers.
>
>> III. Impact
>
>> A remote attacker can cause the named(8) daemon to consume all
>> available memory and crash, resulting in a denial of service.
>> Applications linked with the libdns library, for instance
>> dig(1), may also be affected.
>
>> IV. Workaround
>
>> No workaround is available, but systems not running named(8)
>> service and not using base system DNS utilities are not
>> affected.
>
>> V. Solution
>
>> Perform one of the following:
>
>> 1) Upgrade your vulnerable system to a supported FreeBSD stable
>> or release / security branch (releng) dated after the correction
>> date.
>
>> 2) To update your vulnerable system via a source code patch:
>
>> The following patches have been verified to apply to the
>> applicable FreeBSD release branches.
>
>> a) Download the relevant patch from the location below, and
>> verify the detached PGP signature using your PGP utility.
>
>> # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
>> # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
>> # gpg --verify bind.patch.asc
>
>> b) Execute the following commands as root:
>
>> # cd /usr/src
>> # patch < /path/to/patch
>
>> Recompile the operating system using buildworld and installworld
>> as described in
>> <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
>
>> Restart the named daemon, or reboot the system.
>
>> 3) To update your vulnerable system via a binary patch:
>
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>> platforms can be updated via the freebsd-update(8) utility:
>
>> # freebsd-update fetch
>> # freebsd-update install
>
>> VI. Correction details
>
>> The following list contains the revision numbers of each file
>> that was corrected in FreeBSD.
>
>> Branch/path                                                      Revision
>> -------------------------------------------------------------------------
>> stable/8/                                                         r248807
>> stable/9/                                                         r248808
>> releng/9.0/                                                       r249029
>> releng/9.1/                                                       r249029
>> -------------------------------------------------------------------------
>
>> VII. References
>
>> https://kb.isc.org/article/AA-00871
>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
>
>> The latest revision of this advisory is available at
>> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
>
>
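An added example, not part of the original message or the advisory: a POSIX shell function that classifies a release string in `uname -r` form against the "Corrected" levels the advisory lists. The function name and the four result words are chosen here; the stable branches are reported as `check-date` because the advisory gives only a correction timestamp for them.

```shell
#!/bin/sh
# Added example (not from the advisory). Classifies a release string in
# `uname -r` form against the "Corrected" field of FreeBSD-SA-13:04.bind.
# Prints: patched | vulnerable | check-date | not-listed
# Caveat: `uname -r` describes the running kernel; a userland-only binary
# update can leave it behind the patch level of the installed named(8).
sa1304_status() {
    rel=$1
    case "$rel" in
        9.0-RELEASE|9.0-RELEASE-p*) fixed=7 ;;  # corrected in 9.0-RELEASE-p7
        9.1-RELEASE|9.1-RELEASE-p*) fixed=2 ;;  # corrected in 9.1-RELEASE-p2
        8.4-BETA1*|9.1-STABLE*)
            # stable/8 and stable/9: the advisory lists only a correction
            # date, so the build date has to be compared by hand.
            echo check-date; return 0 ;;
        *)
            # No corrected level is listed in the advisory for this string.
            echo not-listed; return 0 ;;
    esac
    # A RELEASE string without a -pN suffix is patch level 0.
    case "$rel" in
        *-RELEASE-p*) plevel=${rel##*-p} ;;
        *)            plevel=0 ;;
    esac
    # Reject anything that is not a plain number after "-p".
    case "$plevel" in
        ''|*[!0-9]*) echo not-listed; return 0 ;;
    esac
    if [ "$plevel" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Typical use on the host being checked:
#   sa1304_status "$(uname -r)"
```

A `vulnerable` result from `uname -r` is a prompt to check the installed userland, since named(8) and libdns are not part of the kernel.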