Alert GCSA-13023 - Vulnerabilities in ISC BIND
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-13023
Date : 3 April 2013
Title : Vulnerabilities in ISC BIND
******************************************************************
:: Problem description
A new version of the ISC BIND DNS server has been released,
which fixes several vulnerabilities.
A new vulnerability (CVE-2013-2266) has also been published
that can allow a remote attacker to cause
a denial of service condition through excessive
memory consumption by the named process.
The problem can be resolved by disabling
RDATA regular expression checking.
:: Affected software
BIND 9.9.2-P1
http://www.isc.org/software/bind/security/matrix
:: Impact
Denial of Service
:: Solutions
Upgrade BIND to one of the following versions
BIND 9.9.2-P2
BIND 9.8.4-P2
compile without regular expression support
http://www.isc.org/software/bind
http://www.isc.org/downloads/all
http://www.isc.org/software/bind/versions
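Added example, not part of the GARR CERT alert: a Python check that classifies a BIND version string (for instance the output of `named -v`) against the two fixed releases listed above. The function names are hypothetical; pre-release and vendor-suffixed builds are reported as unknown, because the alert names only these two releases and distribution packages may carry backported fixes.

```python
import re

# Fixed releases named in this alert, keyed by (major, minor) branch.
# Each value is (patch number, -P level).
FIXED = {(9, 9): (2, 2), (9, 8): (4, 2)}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?(\S*)")

def parse(text):
    """Return ((major, minor), (patch, p_level), suffix) from text such as
    the output of `named -v`, or None when no version is present."""
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    p_level = int(m.group(4) or 0)   # plain 9.9.2 sorts before 9.9.2-P1
    return (major, minor), (patch, p_level), m.group(5)

def status(text):
    """Classify a version string against the fixed releases in the alert.

    'fixed'        at or above the fixed release of its branch
    'needs-update' older than the fixed release of its branch
    'unknown'      unparsable, pre-release (b1, rc1, ...), vendor-suffixed,
                   or on a branch the alert does not list
    """
    parsed = parse(text)
    if parsed is None:
        return "unknown"
    branch, level, suffix = parsed
    if suffix or branch not in FIXED:
        return "unknown"
    return "fixed" if level >= FIXED[branch] else "needs-update"

if __name__ == "__main__":
    # Constructed sample strings, in the style printed by `named -v`.
    for sample in ("BIND 9.9.2-P1", "BIND 9.9.2-P2", "BIND 9.8.4-P1",
                   "BIND 9.9.3b1", "BIND 9.7.3"):
        print(f"{sample:15} {status(sample)}")
```

For any result of unknown, consult the ISC security matrix or the vendor advisories listed under References rather than the version string alone.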
:: References
ISC BIND Advisory
http://www.isc.org/software/bind/advisories/cve-2013-2266
https://kb.isc.org/article/AA-00889
https://kb.isc.org/article/AA-00871
https://www.isc.org/advisories/bind
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
Red Hat Advisory
https://rhn.redhat.com/errata/RHSA-2013-0689.html
https://rhn.redhat.com/errata/RHSA-2013-0690.html
Ubuntu Security Notice
http://www.ubuntu.com/usn/usn-1783-1
Debian Security Advisory
http://www.debian.org/security/2013/dsa-2656
FreeBSD Security Advisory
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFRXFRJwZxMk2USYEIRAm1RAJ9qqPwdZJTyXbJ6jjSJRglVMvvdjQCfcmg5
74AXR32376KWDhfrmY5torc=
=Ic6U
-----END PGP SIGNATURE-----