Bug 858639 - (CVE-2014-0591) VUL-0: CVE-2014-0591: bind: named crash when handling malformed NSEC3-signed zones
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
maint:running:55990:moderate maint:r...
Reported: 2014-01-14 09:29 UTC by Sebastian Krahmer
Modified: 2015-03-11 19:05 UTC (History)
Found By: Security Response Team
Comment 1 Swamp Workflow Management 2014-01-14 23:00:21 UTC
bugbot adjusting priority
Comment 3 Reinhard Max 2014-01-22 16:45:29 UTC
Submitted to 12.3, 13.1, SLE-10-SP4, SLE-11, SLE-11-SP2 and Factory. SLE12 will follow.

bind-9.3.4, which is contained in SLE-9-SP3-teradata and SLE-10-SP3, is not listed as vulnerable in the NIST link above.
Comment 5 Bernhard Wiedemann 2014-01-22 17:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (858639) was mentioned in
https://build.opensuse.org/request/show/214727 13.1+12.3 / bind
Comment 6 Bernhard Wiedemann 2014-01-24 11:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (858639) was mentioned in
https://build.opensuse.org/request/show/215020 Factory / bind
Comment 8 Ruediger Oertel 2014-01-30 10:06:30 UTC
There is a patchinfo pending for sle10-sp3, which is not vulnerable
according to comment#3.

Can you cancel the patchinfo?
Comment 9 Swamp Workflow Management 2014-01-31 18:54:24 UTC
Update released for: bind, bind-chrootenv, bind-debuginfo, bind-debugsource, bind-devel, bind-doc, bind-libs, bind-libs-32bit, bind-libs-64bit, bind-libs-x86, bind-lwresd, bind-utils
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 10 Swamp Workflow Management 2014-01-31 20:29:18 UTC
Update released for: bind, bind-chrootenv, bind-debuginfo, bind-debugsource, bind-devel, bind-doc, bind-libs, bind-lwresd, bind-utils
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 11 Swamp Workflow Management 2014-01-31 20:49:31 UTC
Update released for: bind, bind-chrootenv, bind-debuginfo, bind-debugsource, bind-devel, bind-doc, bind-libs, bind-libs-32bit, bind-libs-64bit, bind-libs-x86, bind-lwresd, bind-utils
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 12 Swamp Workflow Management 2014-02-01 00:04:23 UTC
SUSE-SU-2014:0179-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 858639
CVE References: CVE-2014-0591
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Server 11 SP3 (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Server 11 SP2 for VMware (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Server 11 SP2 (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    bind-9.9.4P2-0.6.1
SUSE Linux Enterprise Desktop 11 SP2 (src):    bind-9.9.4P2-0.6.1
Comment 13 Marcus Meissner 2014-02-17 09:34:52 UTC
was released
Comment 15 Swamp Workflow Management 2015-03-11 19:05:19 UTC
SUSE-SU-2015:0480-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 743758,858639,908994
CVE References: CVE-2014-0591,CVE-2014-8500
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    bind-9.6ESVR11W1-0.2.1