Date: Wed, 03 Apr 2013 13:01:55 +0300 From: Husnu Demir <hdemir@metu.edu.tr> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:04.bind Message-ID: <515BFE13.9040000@metu.edu.tr> In-Reply-To: <515BFAF8.4010205@metu.edu.tr> References: <201304021804.r32I4CAc046022@freefall.freebsd.org> <515BFAF8.4010205@metu.edu.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry My mistake. hdemir. On 03-04-2013 12:48, Husnu Demir wrote: > Merve, > > Bind kullandigimiz yerlerin guncellenmesini saglar misiniz? > > hdemir. > > > On 02-04-2013 21:04, FreeBSD Security Advisories wrote: >> ============================================================================= > >> > > FreeBSD-SA-13:04.bind > Security Advisory >> The FreeBSD Project > >> Topic: BIND remote denial of service > >> Category: contrib Module: bind Announced: >> 2013-04-02 Credits: Matthew Horsfall of Dyn, Inc. >> Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x Corrected: >> 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1) 2013-03-28 05:39:45 >> UTC (stable/9, 9.1-STABLE) 2013-04-02 17:34:42 UTC (releng/9.0, >> 9.0-RELEASE-p7) 2013-04-02 17:34:42 UTC (releng/9.1, >> 9.1-RELEASE-p2) CVE Name: CVE-2013-2266 > >> For general information regarding FreeBSD Security Advisories, >> including descriptions of the fields above, security branches, >> and the following sections, please visit >> <URL:http://security.FreeBSD.org/>. > >> I. Background > >> BIND 9 is an implementation of the Domain Name System (DNS) >> protocols. The named(8) daemon is an Internet Domain Name >> Server. The libdns library is a library of DNS protocol support >> functions. > >> II. Problem Description > >> A flaw in a library used by BIND allows an attacker to >> deliberately cause excessive memory consumption by the named(8) >> process. This affects both recursive and authoritative servers. > >> III. Impact > >> A remote attacker can cause the named(8) daemon to consume all >> available memory and crash, resulting in a denial of service. >> Applications linked with the libdns library, for instance >> dig(1), may also be affected. > >> IV. Workaround > >> No workaround is available, but systems not running named(8) >> service and not using base system DNS utilities are not >> affected. > >> V. Solution > >> Perform one of the following: > >> 1) Upgrade your vulnerable system to a supported FreeBSD stable >> or release / security branch (releng) dated after the correction >> date. > >> 2) To update your vulnerable system via a source code patch: > >> The following patches have been verified to apply to the >> applicable FreeBSD release branches. > >> a) Download the relevant patch from the location below, and >> verify the detached PGP signature using your PGP utility. > >> # fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch >> # fetch >> http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc # gpg >> --verify bind.patch.asc > >> b) Execute the following commands as root: > >> # cd /usr/src # patch < /path/to/patch > >> Recompile the operating system using buildworld and installworld >> as described in >> <URL:http://www.FreeBSD.org/handbook/makeworld.html>. > >> Restart the named daemon, or reboot the system. > >> 3) To update your vulnerable system via a binary patch: > >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >> platforms can be updated via the freebsd-update(8) utility: > >> # freebsd-update fetch # freebsd-update install > >> VI. Correction details > >> The following list contains the revision numbers of each file >> that was corrected in FreeBSD. > >> Branch/path Revision >> ------------------------------------------------------------------------- > >> > > stable/8/ > r248807 >> stable/9/ r248808 releng/9.0/ r249029 releng/9.1/ r249029 >> ------------------------------------------------------------------------- > >> VII. References > >> https://kb.isc.org/article/AA-00871 > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 > >> The latest revision of this advisory is available at >> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security To >> unsubscribe, send any mail to >> "freebsd-security-unsubscribe@freebsd.org" > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJRW/4TAAoJEISpBAM51qlEpp8IAMt9BAElqcEJPC/LMFeM02m6 YUD4PK1r4cCDYinx3cfJkvWFEB0ogyLTOPC8xm/yqqW33WzyeXa9hamGqdNP+64q Zwp1prymEzfqnhtrv+j8NNkdfx7GJ4+eTdSnd/692L80rf6Dm6fgM4pahYjRpkDD iQc2PGnwfbz3hrNQTTRm9wKbympt/DcGJkWAvgU7JCWFBGS0icHuyCGBVVDNDtdn Fdc4jH9if9AO/s3YKWs8pRC8+9Me79AGAAsUSBA00rmsjF0NzAqDuL4mddNuZAPD /7xzwCRhgDVBa1kqYd8ek5u1dL6faD4BVonAJ2Oj6qwofwxDbGi+NWVsLXgHDBU= =Fb6p -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?515BFE13.9040000>