CVE-2012-1667

Published: 4 June 2012

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

Priority

Status

Package	Release	Status
bind9 Launchpad, Ubuntu, Debian	hardy	Released (1:9.4.2.dfsg.P2-2ubuntu0.10)
	lucid	Released (1:9.7.0.dfsg.P1-1ubuntu0.5)
	natty	Released (1:9.7.3.dfsg-1ubuntu2.4)
	oneiric	Released (1:9.7.3.dfsg-1ubuntu4.2)
	precise	Released (1:9.8.1.dfsg.P1-4ubuntu0.1)
	upstream	Released (9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1)

References

http://www.isc.org/software/bind/advisories/cve-2012-1667
https://ubuntu.com/security/notices/USN-1462-1
https://www.cve.org/CVERecord?id=CVE-2012-1667
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.