Debian Security Advisory
DSA-3162-1 bind9 -- security update
- Date Reported:
- 18 Feb 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-1349.
- More information:
Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".
For the stable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.
We recommend that you upgrade your bind9 packages.