Bug 43769 - bind9: Denial of service (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-5-errata
Assigned To: Arvid Requate
QA Contact: Jürn Brodersen
Depends on: 42747
Reported: 2017-03-09 14:05 CET by Arvid Requate
Modified: 2018-04-04 16:43 CEST
What kind of report is it?: Security Issue
Bug group (optional): Security
Max CVSS v3 score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
requate: Patch_Available+
Description Arvid Requate univentionstaff 2017-03-09 14:05:45 CET
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u15 fixes this issue:

* Assertion failure when using DNS64 and RPZ can lead to crash (CVE-2017-3135)
Comment 1 Arvid Requate univentionstaff 2017-06-01 17:21:01 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u16 fixes:

* An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" (CVE-2017-3136)

* A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME (CVE-2017-3137)

* named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138)
Comment 2 Arvid Requate univentionstaff 2017-08-07 15:31:53 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 fixes:

* An error in TSIG authentication can permit unauthorized zone transfers (CVE-2017-3142)

* An error in TSIG authentication can permit unauthorized dynamic updates (CVE-2017-3143)


And 1:9.8.4.dfsg.P1-6+nmu2+deb7u18 fixes a regression.
Comment 3 Arvid Requate univentionstaff 2018-03-28 14:25:37 CEST
Upstream package imported and built.

Advisory: bind9.yaml
Comment 4 Jürn Brodersen univentionstaff 2018-03-29 15:20:08 CEST
OK
bind works with and without samba after the upgrade -> OK

YAML -> OK

-> Verified
Comment 5 Philipp Hahn univentionstaff 2018-04-04 16:43:58 CEST
<http://errata.software-univention.de/ucs/4.1/500.html>