CVE-2015-4620

Publication date 7 July 2015

Last updated 24 July 2024

Ubuntu priority

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	15.04 vivid	Fixed 1:9.9.5.dfsg-9ubuntu0.1
	14.10 utopic	Fixed 1:9.9.5.dfsg-4.3ubuntu0.3
	14.04 LTS trusty	Fixed 1:9.9.5.dfsg-3ubuntu0.3
	12.04 LTS precise	Fixed 1:9.8.1.dfsg.P1-4ubuntu0.11

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2669-1
Bind vulnerability
7 July 2015

Other references

https://kb.isc.org/article/AA-01267/0
https://www.cve.org/CVERecord?id=CVE-2015-4620