FreeBSD Security Advisory FreeBSD-SA-13:04.bind

Husnu Demir hdemir at metu.edu.tr
Wed Apr 3 10:01:58 UTC 2013



Sorry, my mistake.

hdemir.


On 03-04-2013 12:48, Husnu Demir wrote:
> Merve,
> 
> Could you make sure the places where we use BIND get updated?
> 
> hdemir.
> 
> 
> On 02-04-2013 21:04, FreeBSD Security Advisories wrote:
>> =============================================================================
>> FreeBSD-SA-13:04.bind                                       Security Advisory
>>                                                           The FreeBSD Project
>> 
>> Topic:          BIND remote denial of service
>> 
>> Category:       contrib
>> Module:         bind
>> Announced:      2013-04-02
>> Credits:        Matthew Horsfall of Dyn, Inc.
>> Affects:        FreeBSD 8.4-BETA1 and FreeBSD 9.x
>> Corrected:      2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
>>                 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
>>                 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
>>                 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
>> CVE Name:       CVE-2013-2266
> 
>> For general information regarding FreeBSD Security Advisories, 
>> including descriptions of the fields above, security branches,
>> and the following sections, please visit 
>> <URL:http://security.FreeBSD.org/>.
> 
>> I.   Background
> 
>> BIND 9 is an implementation of the Domain Name System (DNS) 
>> protocols. The named(8) daemon is an Internet Domain Name
>> Server. The libdns library is a library of DNS protocol support
>> functions.
> 
>> II.  Problem Description
> 
>> A flaw in a library used by BIND allows an attacker to 
>> deliberately cause excessive memory consumption by the named(8) 
>> process.  This affects both recursive and authoritative servers.
> 
>> III. Impact
> 
>> A remote attacker can cause the named(8) daemon to consume all 
>> available memory and crash, resulting in a denial of service. 
>> Applications linked with the libdns library, for instance
>> dig(1), may also be affected.
> 
>> IV.  Workaround
> 
>> No workaround is available, but systems not running named(8) 
>> service and not using base system DNS utilities are not
>> affected.
> 
>> V.   Solution
> 
>> Perform one of the following:
> 
>> 1) Upgrade your vulnerable system to a supported FreeBSD stable
>> or release / security branch (releng) dated after the correction 
>> date.
> 
>> 2) To update your vulnerable system via a source code patch:
> 
>> The following patches have been verified to apply to the 
>> applicable FreeBSD release branches.
> 
>> a) Download the relevant patch from the location below, and
>> verify the detached PGP signature using your PGP utility.
> 
>> # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
>> # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
>> # gpg --verify bind.patch.asc
> 
>> b) Execute the following commands as root:
> 
>> # cd /usr/src
>> # patch < /path/to/patch
> 
>> Recompile the operating system using buildworld and installworld 
>> as described in 
>> <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
> 
>> Restart the named daemon, or reboot the system.
> 
>> 3) To update your vulnerable system via a binary patch:
> 
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>>  platforms can be updated via the freebsd-update(8) utility:
> 
>> # freebsd-update fetch
>> # freebsd-update install
> 
>> VI.  Correction details
> 
>> The following list contains the revision numbers of each file
>> that was corrected in FreeBSD.
> 
>> Branch/path                                                      Revision
>> -------------------------------------------------------------------------
>> stable/8/                                                         r248807
>> stable/9/                                                         r248808
>> releng/9.0/                                                       r249029
>> releng/9.1/                                                       r249029
>> -------------------------------------------------------------------------
> 
>> VII. References
> 
>> https://kb.isc.org/article/AA-00871
> 
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
> 
>> The latest revision of this advisory is available at 
>> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
> 
> 