-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt, CVE-2006-4096
-
Date:
2006-09-07 14:03:41 UTC
-
Revision ID:
james.westby@ubuntu.com-20060907140341-7vqgxb48bd95xkxf
Tags: 1:9.2.4-1ubuntu1.1
* SECURITY UPDATE:
* lib/dns/resolver.c: Ported upstream patch from 9.3.2-P1 (thanks to LaMont
Jones for doing that) to fix the following flaws:
- A remote user (DNS server) can send specially crafted RRset responses in
return to a recursive SIG query to cause the requesting named service to
crash [CVE-2006-4095].
- A remote user can also send specially crafted queries to trigger an
INSIST failure and cause the requesting service(s) to crash
[CVE-2006-4096].