Bug 43769 - bind9: Denial of service (4.1)
bind9: Denial of service (4.1)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-5-errata
Assigned To: Arvid Requate
Jürn Brodersen
Depends on: 42747
  Show dependency treegraph
Reported: 2017-03-09 14:05 CET by Arvid Requate
Modified: 2018-04-04 16:43 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
requate: Patch_Available+


Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-03-09 14:05:45 CET
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u15 fixes this issue:

* Assertion failure when using DNS64 and RPZ can lead to crash (CVE-2017-3135)
Comment 1 Arvid Requate univentionstaff 2017-06-01 17:21:01 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u16 fixes

* An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" (CVE-2017-3136)

* A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME (CVE-2017-3137)

* named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138)
Comment 2 Arvid Requate univentionstaff 2017-08-07 15:31:53 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 fixes:

* An error in TSIG authentication can permit unauthorized zone transfers (CVE-2017-3142)

* An error in TSIG authentication can permit unauthorized dynamic updates (CVE-2017-3143)

And 1:9.8.4.dfsg.P1-6+nmu2+deb7u18 fixes a regression.
Comment 3 Arvid Requate univentionstaff 2018-03-28 14:25:37 CEST
Upstream package imported and built.

Advisory: bind9.yaml
Comment 4 Jürn Brodersen univentionstaff 2018-03-29 15:20:08 CEST
bind works with and without samba after the upgrade -> OK


-> Verified
Comment 5 Philipp Hahn univentionstaff 2018-04-04 16:43:58 CEST