It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service. CVE-2011-4528 Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone. CVE-2011-4869 Unbound does not properly process malformed responses which lack expected NSEC3 records. For the oldstable distribution (lenny), these problems have been fixed in version 1.4.6-1~lenny2. For the stable distribution (squeeze), these problems have been fixed in version 1.4.6-1+squeeze2. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.4.14-1. We recommend that you upgrade your unbound packages.
It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.
Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone.
Unbound does not properly process malformed responses which lack expected NSEC3 records.
For the oldstable distribution (lenny), these problems have been fixed in version 1.4.6-1~lenny2.
For the stable distribution (squeeze), these problems have been fixed in version 1.4.6-1+squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.4.14-1.
We recommend that you upgrade your unbound packages.