Univention Bugzilla – Attachment 9501 Details for Bug 42749 – bind9: Denial of service (ES 3.2)
Advisory 3.2-bind9.txt (text/plain), 2.23 KB, created by Arvid Requate on 2018-04-18 13:22:35 CEST
A new update is available for Univention Corporate Server 3.2 as
part of the extended security maintenance.
It addresses the following problems:

Program component: bind9
Reference: CVE-2016-2848 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147
 CVE-2016-9444 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137
 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145
 CVE-2018-5735
Fixed version: 1:9.8.4.dfsg.P1-6+nmu2.113.201804181315

Multiple vulnerabilities have been found in bind9:
* remote denial of service (assertion failure and daemon exit) via malformed
  options data in an OPT resource record (CVE-2016-2848)
* remote denial of service (assertion failure and daemon exit) via a DNAME
  record in the answer section of a response to a recursive query, related
  to db.c and resolver.c. (CVE-2016-8864)
* A crafted upstream response to an ANY query could cause an assertion
  failure (CVE-2016-9131)
* A crafted upstream response with self-contradicting DNSSEC data could cause
  an assertion failure (CVE-2016-9147)
* Specially-crafted upstream responses with a DS record could cause an
  assertion failure (CVE-2016-9444)
* Assertion failure when using DNS64 and RPZ can lead to crash
  (CVE-2017-3135)
* An error handling synthesized records could cause an assertion failure when
  using DNS64 with "break-dnssec yes;" (CVE-2017-3136)
* A response packet can cause a resolver to terminate when processing an
  answer containing a CNAME or DNAME (CVE-2017-3137)
* named exits with a REQUIRE assertion failure if it receives a null command
  string on its control channel (CVE-2017-3138)
* An error in TSIG authentication can permit unauthorized zone transfers
  (CVE-2017-3142)
* An error in TSIG authentication can permit unauthorized dynamic updates
  (CVE-2017-3143)
* Improper fetch cleanup sequencing in the resolver can cause named to crash
  (CVE-2017-3145)
* Denial of service in DNSSEC validation via a specially crafted DNS response
  (CVE-2018-5735)


-- 
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876