From luke at foolishgames.com  Wed Feb 25 09:46:13 2015
From: luke at foolishgames.com (Lucas Holt)
Date: Wed, 25 Feb 2015 14:46:13 -0000
Subject: [Midnightbsd-users] MidnightBSD 0.5.9-RELEASE
Message-ID: <07F66366-A53B-43AB-80F2-00E8D192C64C@foolishgames.com>

        0.5.9 RELEASE

        Fix two security vulnerabilities.

        1. BIND servers which are configured to perform DNSSEC validation and which
        are using managed keys (which occurs implicitly when using
        "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
        unpredictable behavior due to the use of an improperly initialized
        variable.

        CVE-2015-1349

        2. An integer overflow in computing the size of IGMPv3 data buffer can result
        in a buffer which is too small for the requested operation.

        This can result in a DOS attack.




Lucas Holt
Luke at FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)