[security-announce] Security update Bind: Fix for CVE-2014-8500

Sona Sarmadi sona.sarmadi at enea.com
Tue Dec 30 09:26:56 CET 2014


===================================================================
Product/package: Bind
Severity: Critical
CVE Name: CVE-2014-8500,  A Defect in Delegation Handling Can Be Exploited to Crash BIND
=================================================================== 

A security patch that fixes CVE-2014-8500 is now available at " http://linux.enea.com/4.0/patches" folder. 

How to apply the patch
==================
If you don't have installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky
# wget http://linux.enea.com/4.0/patches/0007-bind-fix-for-CVE-2014-8500.patch
# patch -p1 < ./0007-bind-fix-for-CVE-2014-8500.patch


References
==========
https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500


If you have any questions regarding the security patches and security updates please contact security at enea.com. 

ESRT (Enea Security Response Team)

Enea
Jan Stenbecks torg 17,
Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071  4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com 

This message, including attachments, is CONFIDENTIAL. It may also be privileged or otherwise protected by law. If you received this email by mistake please let us know by reply and then delete it from your system; you should not copy it or disclose its contents to anyone.




More information about the security-announce mailing list