Novell Home

CVE-2013-2266

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-2266 at MITRE

Description

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

NVD CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Novell/SUSE information

Note from the SUSE Security Team

The BIND nameserver is only affected in versions 9.7 or later according to ISC... The Bind 9.6ESV versions currently shipping in SUSE Linux Enterprise are not affected by this problem.,The BIND nameserver is only affected in versions 9.7 or later according to ISC... The Bind 9.6ESV versions currently shipping in SUSE Linux Enterprise are not affected by this problem.

Novell Bugzilla entries: 811876, 811934

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP2
  • dhcp-devel >= 4.2.4.P2-0.11.13.1
Builds
SAT Patch Nr: 7571
SUSE Linux Enterprise Desktop 11 SP2
  • dhcp >= 4.2.4.P2-0.11.13.1
  • dhcp-client >= 4.2.4.P2-0.11.13.1
Builds
SAT Patch Nr: 7571
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • dhcp >= 4.2.4.P2-0.11.13.1
  • dhcp-client >= 4.2.4.P2-0.11.13.1
  • dhcp-relay >= 4.2.4.P2-0.11.13.1
  • dhcp-server >= 4.2.4.P2-0.11.13.1
Builds
SAT Patch Nr: 7571

© 2014 Novell