Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5747-1

Ubuntu Security Notice 5747-1 - It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. It was discovered that Bind incorrectly handled large zone data size received via AXFR response. A remote authenticated attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS.

Packet Storm
#vulnerability#ubuntu#dos#auth
=========================================================================Ubuntu Security Notice USN-5747-1November 29, 2022bind9 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESM- Ubuntu 14.04 ESMSummary:Several security issues were fixed in Bind.Software Description:- bind9: Internet Domain Name ServerDetails:It was discovered that Bind incorrectly handled large query name when usinglightweight resolver protocol. A remote attacker could use this issue toconsume resources, leading to a denial of service. (CVE-2016-2775)It was discovered that Bind incorrectly handled large zone data sizereceived via AXFR response. A remote authenticated attacker could use thisissue to consume resources, leading to a denial of service. This issue onlyaffected Ubuntu 16.04 LTS. (CVE-2016-6170)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.19+esm5  lwresd                          1:9.10.3.dfsg.P4-8ubuntu1.19+esm5Ubuntu 14.04 ESM:  bind9                           1:9.9.5.dfsg-3ubuntu0.19+esm9  lwresd                          1:9.9.5.dfsg-3ubuntu0.19+esm9In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5747-1  CVE-2016-2775, CVE-2016-6170

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3