On Sun, Mar 31, 2013 at 03:16:11PM +0200, MarkusGMX wrote:
I did not read all the SuSE files but does anybody know if "CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named" [ http://cxsecurity.com/issue/WLB-2013030255 ]
is already adressed in the SuSE 12.1 updates ( http://download.opensuse.org/update/12.1/ )?
How about reading the public accessible bug tracker? https://bugzilla.novell.com/show_bug.cgi?id=811876 in this case. Unfortunately the change log of the package for Factory doesn't speak about all the CVE IDs addressed with the move to 9.8.4-P2 (openSUSE Evergreen 11.4, 12.1) or 9.9.2-P2 (openSUSE 12.2 and 12.3). See ftp://ftp.isc.org/isc/bind9/9.8.4-P2/RELEASE-NOTES-BIND-9.8.4-P2.txt and ftp://ftp.isc.org/isc/bind9/9.9.2-P2/RELEASE-NOTES-BIND-9.9.2-P2.txt for all the CVEs addressed by the updates. Somehow this information got lost from the package change log I provided for the updates with request 161393 https://build.openSUSE.org/request/show/161393 The packages are at the moment on the way to the update repositories. The goal is to gather some more feedback first. If you need them urgently please get them from the update/<openSUSE-version>-test repositories. http://download.opensuse.org/pub/opensuse/update/12.1-test/openSUSE:Maintena... http://download.opensuse.org/pub/opensuse/update/12.2-test/openSUSE:Maintena... http://download.opensuse.org/pub/opensuse/update/12.3-test/openSUSE:Maintena... Cheers, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany