CVE-2015-1349

Publication date 18 February 2015

Last updated 24 July 2024

Ubuntu priority

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	14.10 utopic	Fixed 1:9.9.5.dfsg-4.3ubuntu0.2
	14.04 LTS trusty	Fixed 1:9.9.5.dfsg-3ubuntu0.2
	12.04 LTS precise	Fixed 1:9.8.1.dfsg.P1-4ubuntu0.10
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

code in lucid doesn't look vulnerable

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2503-1
Bind vulnerability
18 February 2015

Other references

https://kb.isc.org/article/AA-01235
https://www.cve.org/CVERecord?id=CVE-2015-1349