-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-0046

Title: BIND nameservers security update[1]

Version history:
13.08.2014 Initial publication

Summary
=======
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes.  This can be triggered as the result of normal query processing.

CVE Numbers:

CVE-2014-3214 CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:N/I:N/A:P) [2] 

Vulnerable systems
==================
BIND 9.10.0.

Impact
================
Recursive nameservers are vulnerable to this defect.  Authoritative-only servers are not at risk.  On an affected nameserver, the assertion failure, if triggered, results in an immediate exit from named, denying service to clients attempting to query the recursive server. [1].

What can you do?
================
Upgrade to the patched release which can be downloaded from http://www.isc.org/downloads.

What to tell your users?
========================
N/A

More information
================
[1] https://kb.isc.org/article/AA-01161/0
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3214

Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJTcjjsAAoJEPpzpNLI8SVo5xcQAJXpzJgydJl+b4mr57QF9m1k
UDfr67DCj8PE3ULijh46lSlNjGRXbAHhXL2L3JNGxOGjoAP+gjIp70kBEXWyOoU7
cfYsc9hl1rfbOzyK2Ys0TESTxJcNA6bQXHukRaXU95H7zFnriZkmPG6E7AQA8f2o
dYnCt1QlTONdivAVPtm4xn6zdS8t3VSUVWBeOUUEhtC/XcEQY5YpYv2loPxnPBRP
VFFGL7zsJ4GtvO5N2vpJLKRB8z0yAfx/sj+4n9cgo92Px+b7COMzIlc4tLciO0Er
VbdEYNe9N21w82s1UbuTnXu/aIksahgoQHfEbP4046sqwW/iRhoooRpBnyQ+rqTC
YsrgYPm24aH8aXv3BEOLR1KOAw34IZIAOGVw7KNwj64ZYPbd1C5mwnooRWWuaeQk
2ZkF9RnQqfBajBJf/qujk/A72ym1d7jdam5iv7pljTmmbXIkQise9JwBVuGj+0lK
p7K3KbQ2eXcHKvq/XYM/g2BxUmv3aZooBQCokLs6iHRRR0z93xQ4EoQaAOSibAGC
RbS2xplvmeRwMejvo3xk7wkiN0l/MkKJcCrNtRoHa5ynnMByovN4jptXeoUFzdi9
1lKwwNZtCp2wnL5gii/kqpGFMJzPbcynE3vMN9X02wKDmFP3CdWhngYhgjHo0ZT2
qn5KL57U3t2Xgp4pW1PY
=8jsQ
-----END PGP SIGNATURE-----