Debian dind't enable bind9 stats so it's not vulnerable. Ondřej Surý
On 21. 8. 2012, at 22:40, Jeroen Massar <jer...@unfix.org> wrote: > Package: nsd3 > Severity: critical > > 3.2.13 is out for a month already, might be nice to get an updated > package... > > Greets, > Jeroen > > -- > > https://www.nlnetlabs.nl/projects/nsd/ > {{{ > > NSD 3.2.13 > Jul 27, 2012 > Bugfixes > Bugfix #461 (VU#517036 CVE-2012-2979): NSD denial of service > vulnerability from DNS packet when using --enable-zone-stats. > Bugfix #460: man page correction - identity. > Fix for nsd-patch segfault if zone has been removed from nsd.conf > (thanks Ilya Bakulin) > > NSD 3.2.12 > Jul 19, 2012 > Bugfixes > Fix for VU#624931 CVE-2012-2978: NSD denial of service vulnerability > from non-standard DNS packet from any host on the internet. > > NSD 3.2.11 > Jul 9, 2012 > Features > Fallback to AXFR if IXFR is unknown at the primary. NSD considers IXFR > unknown at the primary if there is a negative response for the IXFR > RRtype. This does not override the value for 'allow-axfr-fallback'. > Allow for reading in new DNSKEY algorithm mnemonics (RFC5155, RFC5702, > RFC5933, and RFC6605 (ECDSA)). > Zone statistics, enable with --enable-zone-stats. This stores the BIND8 > stats per zone in a configurable statistics file. This option does not > scale and should therefore not be enabled when serving many zones. > Support for TLSA RRtype (DANE). > Bugfixes > Fix for qtype ANY for a wildcard domain in NSEC signed zone: Don't add > the wildcard domain NSEC into the answer section. Instead, put the > wildcard expanded NSEC into the answer section and keep the wildcard > domain NSEC in the authority section. > Fix for accept spinning reported by OpenBSD. > Fix restart failed due to bad ixfr packet because of zone removed from > nsd.conf. > Bugfix #453: typo in nsdc man page. > }}} -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
