pkg/46727: CVE-2012-2978 - denial of service for net/nsd

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/46727: CVE-2012-2978 - denial of service for net/nsd
From: lloyd%must-have-coffee.gen.nz@localhost
Date: Fri, 20 Jul 2012 02:15:01 +0000 (UTC)

>Number:         46727
>Category:       pkg
>Synopsis:       CVE-2012-2978 - denial of service for net/nsd
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 20 02:15:00 +0000 2012
>Originator:     Lloyd Parkes
>Release:        6.0_BETA2
>Organization:
Must Have Coffee
>Environment:
NetBSD thallid.must-have-coffee.gen.nz 6.0_BETA2 NetBSD 6.0_BETA2 
(XEN3PAE_DOMU) #0: Mon Jun 18 04:48:20 NZST 2012  
lloyd@bob:/vol/scratch/build6/obj.i386/sys/arch/i386/compile/XEN3PAE_DOMU i386
>Description:
Marek VavruÅ¡a and Lubos Slovak discovered that NSD, an authoritative
domain name server, is not properly handling non-standard DNS packets.
his can result in a NULL pointer dereference and crash the handling
process. A remote attacker can abuse this flaw to perform denial of
service attacks.

>How-To-Repeat:
N/A
>Fix:
Update to version 3.2.12 of nsd. No changes need to be made to our package 
patches. The new distinfo is:

  SHA1 (nsd-3.2.12.tar.gz) = dd8606a05525f6a493dfacb7ddfa7e1fa3c6a85b
  RMD160 (nsd-3.2.12.tar.gz) = e73cb29c51d7bec6fd83b3a8571a72773ea5696e
  Size (nsd-3.2.12.tar.gz) = 889490 bytes

Prev by Date: Re: pkg/46550 ([Update]devel/py-setuptools_trial:update to 0.5.12)
Next by Date: Re: pkg/46686 (pkgsrc-2012Q1 does not reuse already build packages during install)
Previous by Thread: PR/46550 CVS commit: pkgsrc/devel/py-setuptools_trial
Next by Thread: Re: pkg/46686 (pkgsrc-2012Q1 does not reuse already build packages during install)
Indexes:

Home | Main Index | Thread Index | Old Index