Univention Bugzilla – Bug 43769
bind9: Denial of service (4.1)
Last modified: 2018-04-04 16:43:58 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u15 fixes this issue: * Assertion failure when using DNS64 and RPZ can lead to crash (CVE-2017-3135)
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u16 fixes * An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" (CVE-2017-3136) * A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME (CVE-2017-3137) * named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138)
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 fixes: * An error in TSIG authentication can permit unauthorized zone transfers (CVE-2017-3142) * An error in TSIG authentication can permit unauthorized dynamic updates (CVE-2017-3143) And 1:9.8.4.dfsg.P1-6+nmu2+deb7u18 fixes a regression.
Upstream package imported and built. Advisory: bind9.yaml
OK bind works with and without samba after the upgrade -> OK YAML -> OK -> Verified
<http://errata.software-univention.de/ucs/4.1/500.html>