[SECURITY] Fedora 19 Update: maradns-2.0.09-1.fc19
updates at fedoraproject.org
updates at fedoraproject.org
Thu Apr 3 04:02:14 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-2439
2014-02-14 06:32:18
--------------------------------------------------------------------------------
Name : maradns
Product : Fedora 19
Version : 2.0.09
Release : 1.fc19
URL : http://www.maradns.org/
Summary : Authoritative and recursive DNS server made with security in mind
Description :
MaraDNS is a package that implements the Domain Name Service (DNS), an
essential internet service. MaraDNS has the following advantages:
* Secure.
* Supported.
* Easy to use.
* Small.
* Open Source.
--------------------------------------------------------------------------------
Update Information:
There has been a long-standing bug in Deadwood (ever since 2007) where
bounds checking for strings was not correctly done under some
circumstances.
Because of this, it has been possible to send Deadwood a "packet of
death" which will crash Deadwood. Since the attack causes
out-of-bounds memory to be read, but not written to, the impact of the
bug is denial of service. It appears this attack can only be exploited
by an IP with permission to perform recursive queries against
Deadwood.
Note that this bug only affects users of the Deadwood recursive resolver.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 13 2014 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.09-1
- new release, fixing denial-of-service vulnerability
( http://samiam.org/blog/2014-02-12.html )
* Thu Jan 16 2014 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.08-1
- new upstream release ( http://samiam.org/blog/2014-01-14.html )
* Mon Dec 2 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.07d-1
- fix against possible blind spoof attack
* Sun Oct 13 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.07c-2
- refresh systemd patch, introduce additional deps on network-online (#1015282)
* Sat Sep 21 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.07c-1
- new upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064750 - maradns-2.0.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1064750
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update maradns' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list