[SECURITY] Fedora 20 Update: maradns-2.0.09-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri Feb 14 07:49:16 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-2421
2014-02-14 06:31:34
--------------------------------------------------------------------------------

Name        : maradns
Product     : Fedora 20
Version     : 2.0.09
Release     : 1.fc20
URL         : http://www.maradns.org/
Summary     : Authoritative and recursive DNS server made with security in mind
Description :
MaraDNS is a package that implements the Domain Name Service (DNS), an
essential internet service. MaraDNS has the following advantages:
	* Secure.
	* Supported.
	* Easy to use.
	* Small.
	* Open Source.

--------------------------------------------------------------------------------
Update Information:

There has been a long-standing bug in Deadwood (ever since 2007) where
bounds checking for strings was not correctly done under some
circumstances.

Because of this, it has been possible to send Deadwood a "packet of
death" which will crash Deadwood. Since the attack causes
out-of-bounds memory to be read, but not written to, the impact of the
bug is denial of service. It appears this attack can only be exploited
by an IP with permission to perform recursive queries against
Deadwood.

Note that this bug only affects users of the Deadwood recursive resolver.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 13 2014 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.09-1
- new release, fixing denial-of-service vulnerability  
  ( http://samiam.org/blog/2014-02-12.html )
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064750 - maradns-2.0.09 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1064750
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update maradns' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list