[SECURITY] [DLA 1697-1] bind9 security updat

2019-02-2821:11:35

lists.debian.org

150

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

29.0%

JSON

Package : bind9
Version : 1:9.9.5.dfsg-9+deb8u17
CVE ID : CVE-2018-5745 CVE-2019-6465

Two issues have been found in bind9, the Internet Domain Name Server.

CVE-2019-6465
Zone transfer for DLZs are executed though not permitted by ACLs.

CVE-2018-5745
Avoid assertion and thus causing named to deliberately exit when a
trust anchor's key is replaced with a key which uses an unsupported
algorithm.

For Debian 8 "Jessie", these problems have been fixed in version
1:9.9.5.dfsg-9+deb8u17.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9mipsbind9-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u5bind9-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u5_mips.deb
Debian9ppc64ellibbind-dev< 1:9.10.3.dfsg.P4-12.3+deb9u5libbind-dev_1:9.10.3.dfsg.P4-12.3+deb9u5_ppc64el.deb
Debian9mipsellibdns162< 1:9.10.3.dfsg.P4-12.3+deb9u5libdns162_1:9.10.3.dfsg.P4-12.3+deb9u5_mipsel.deb
Debian9i386bind9-host-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u5bind9-host-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u5_i386.deb
Debian9mipseldnsutils< 1:9.10.3.dfsg.P4-12.3+deb9u5dnsutils_1:9.10.3.dfsg.P4-12.3+deb9u5_mipsel.deb
Debian8i386bind9-host< 1:9.9.5.dfsg-9+deb8u17bind9-host_1:9.9.5.dfsg-9+deb8u17_i386.deb
Debian9arm64libbind9-140< 1:9.10.3.dfsg.P4-12.3+deb9u5libbind9-140_1:9.10.3.dfsg.P4-12.3+deb9u5_arm64.deb
Debian9i386libisccfg140< 1:9.10.3.dfsg.P4-12.3+deb9u5libisccfg140_1:9.10.3.dfsg.P4-12.3+deb9u5_i386.deb
Debian9armhflibisccfg-export140-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u5libisccfg-export140-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u5_armhf.deb
Debian8armellibirs-export91-udeb< 1:9.9.5.dfsg-9+deb8u17libirs-export91-udeb_1:9.9.5.dfsg-9+deb8u17_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips	bind9-dbgsym	< 1:9.10.3.dfsg.P4-12.3+deb9u5	bind9-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u5_mips.deb
Debian	9	ppc64el	libbind-dev	< 1:9.10.3.dfsg.P4-12.3+deb9u5	libbind-dev_1:9.10.3.dfsg.P4-12.3+deb9u5_ppc64el.deb
Debian	9	mipsel	libdns162	< 1:9.10.3.dfsg.P4-12.3+deb9u5	libdns162_1:9.10.3.dfsg.P4-12.3+deb9u5_mipsel.deb
Debian	9	i386	bind9-host-dbgsym	< 1:9.10.3.dfsg.P4-12.3+deb9u5	bind9-host-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u5_i386.deb
Debian	9	mipsel	dnsutils	< 1:9.10.3.dfsg.P4-12.3+deb9u5	dnsutils_1:9.10.3.dfsg.P4-12.3+deb9u5_mipsel.deb
Debian	8	i386	bind9-host	< 1:9.9.5.dfsg-9+deb8u17	bind9-host_1:9.9.5.dfsg-9+deb8u17_i386.deb
Debian	9	arm64	libbind9-140	< 1:9.10.3.dfsg.P4-12.3+deb9u5	libbind9-140_1:9.10.3.dfsg.P4-12.3+deb9u5_arm64.deb
Debian	9	i386	libisccfg140	< 1:9.10.3.dfsg.P4-12.3+deb9u5	libisccfg140_1:9.10.3.dfsg.P4-12.3+deb9u5_i386.deb
Debian	9	armhf	libisccfg-export140-dbgsym	< 1:9.10.3.dfsg.P4-12.3+deb9u5	libisccfg-export140-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u5_armhf.deb
Debian	8	armel	libirs-export91-udeb	< 1:9.9.5.dfsg-9+deb8u17	libirs-export91-udeb_1:9.9.5.dfsg-9+deb8u17_armel.deb