1
PublicDateAtUSN: 2015-02-18
2
Candidate: CVE-2015-1349
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
6
https://kb.isc.org/article/AA-01235
7
https://usn.ubuntu.com/usn/usn-2503-1
9
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before
10
9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled,
11
allows remote attackers to cause a denial of service (assertion failure and
12
daemon exit, or daemon crash) by triggering an incorrect trust-anchor
13
management scenario in which no key is ready for use.
16
mdeslaur> code in lucid doesn't look vulnerable
19
Discovered-by: Jan-Piet Mens
23
upstream_bind9: needs-triage
24
lucid_bind9: not-affected
25
precise_bind9: released (1:9.8.1.dfsg.P1-4ubuntu0.10)
26
trusty_bind9: released (1:9.9.5.dfsg-3ubuntu0.2)
27
utopic_bind9: released (1:9.9.5.dfsg-4.3ubuntu0.2)
28
devel_bind9: released (1:9.9.5.dfsg-8ubuntu1)