pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/46727: CVE-2012-2978 - denial of service for net/nsd

>Number:         46727
>Category:       pkg
>Synopsis:       CVE-2012-2978 - denial of service for net/nsd
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 20 02:15:00 +0000 2012
>Originator:     Lloyd Parkes
>Release:        6.0_BETA2
Must Have Coffee
NetBSD 6.0_BETA2 NetBSD 6.0_BETA2 
(XEN3PAE_DOMU) #0: Mon Jun 18 04:48:20 NZST 2012  
lloyd@bob:/vol/scratch/build6/obj.i386/sys/arch/i386/compile/XEN3PAE_DOMU i386
Marek Vavruša and Lubos Slovak discovered that NSD, an authoritative
domain name server, is not properly handling non-standard DNS packets.
his can result in a NULL pointer dereference and crash the handling
process. A remote attacker can abuse this flaw to perform denial of
service attacks.

Update to version 3.2.12 of nsd. No changes need to be made to our package 
patches. The new distinfo is:

  SHA1 (nsd-3.2.12.tar.gz) = dd8606a05525f6a493dfacb7ddfa7e1fa3c6a85b
  RMD160 (nsd-3.2.12.tar.gz) = e73cb29c51d7bec6fd83b3a8571a72773ea5696e
  Size (nsd-3.2.12.tar.gz) = 889490 bytes

Home | Main Index | Thread Index | Old Index