[SECURITY] [DSA 3795-1] bind9 security update

2017-02-2602:45:32

lists.debian.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.096 Low

EPSS

Percentile

94.7%

JSON

Debian Security Advisory DSA-3795-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
February 26, 2017 https://www.debian.org/security/faq

Package : bind9
CVE ID : CVE-2017-3135
Debian Bug : 855520

It was discovered that a maliciously crafted query can cause ISC's
BIND DNS server (named) to crash if both Response Policy Zones (RPZ)
and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It
is uncommon for both of these options to be used in combination, so
very few systems will be affected by this problem in practice.

This update also corrects an additional regression caused by the fix
for CVE-2016-8864, which was applied in a previous security update.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u10.

For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 1:9.10.3.dfsg.P4-12.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8ppc64elbind9< 1:9.9.5.dfsg-9+deb8u10bind9_1:9.9.5.dfsg-9+deb8u10_ppc64el.deb
Debian8powerpcbind9utils< 1:9.9.5.dfsg-9+deb8u10bind9utils_1:9.9.5.dfsg-9+deb8u10_powerpc.deb
Debian8arm64libbind-dev< 1:9.9.5.dfsg-9+deb8u10libbind-dev_1:9.9.5.dfsg-9+deb8u10_arm64.deb
Debian7armhflibisccfg82< 1:9.8.4.dfsg.P1-6+nmu2+deb7u15libisccfg82_1:9.8.4.dfsg.P1-6+nmu2+deb7u15_armhf.deb
Debian8amd64libdns-export100-udeb< 1:9.9.5.dfsg-9+deb8u10libdns-export100-udeb_1:9.9.5.dfsg-9+deb8u10_amd64.deb
Debian7armellibdns88< 1:9.8.4.dfsg.P1-6+nmu2+deb7u15libdns88_1:9.8.4.dfsg.P1-6+nmu2+deb7u15_armel.deb
Debian8kfreebsd-i386liblwres90< 1:9.9.5.dfsg-9+deb8u10liblwres90_1:9.9.5.dfsg-9+deb8u10_kfreebsd-i386.deb
Debian8mipsellibisc-export95-udeb< 1:9.9.5.dfsg-9+deb8u10libisc-export95-udeb_1:9.9.5.dfsg-9+deb8u10_mipsel.deb
Debian8amd64libisc-export95< 1:9.9.5.dfsg-9+deb8u10libisc-export95_1:9.9.5.dfsg-9+deb8u10_amd64.deb
Debian8amd64libisccfg-export90-udeb< 1:9.9.5.dfsg-9+deb8u10libisccfg-export90-udeb_1:9.9.5.dfsg-9+deb8u10_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	ppc64el	bind9	< 1:9.9.5.dfsg-9+deb8u10	bind9_1:9.9.5.dfsg-9+deb8u10_ppc64el.deb
Debian	8	powerpc	bind9utils	< 1:9.9.5.dfsg-9+deb8u10	bind9utils_1:9.9.5.dfsg-9+deb8u10_powerpc.deb
Debian	8	arm64	libbind-dev	< 1:9.9.5.dfsg-9+deb8u10	libbind-dev_1:9.9.5.dfsg-9+deb8u10_arm64.deb
Debian	7	armhf	libisccfg82	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u15	libisccfg82_1:9.8.4.dfsg.P1-6+nmu2+deb7u15_armhf.deb
Debian	8	amd64	libdns-export100-udeb	< 1:9.9.5.dfsg-9+deb8u10	libdns-export100-udeb_1:9.9.5.dfsg-9+deb8u10_amd64.deb
Debian	7	armel	libdns88	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u15	libdns88_1:9.8.4.dfsg.P1-6+nmu2+deb7u15_armel.deb
Debian	8	kfreebsd-i386	liblwres90	< 1:9.9.5.dfsg-9+deb8u10	liblwres90_1:9.9.5.dfsg-9+deb8u10_kfreebsd-i386.deb
Debian	8	mipsel	libisc-export95-udeb	< 1:9.9.5.dfsg-9+deb8u10	libisc-export95-udeb_1:9.9.5.dfsg-9+deb8u10_mipsel.deb
Debian	8	amd64	libisc-export95	< 1:9.9.5.dfsg-9+deb8u10	libisc-export95_1:9.9.5.dfsg-9+deb8u10_amd64.deb
Debian	8	amd64	libisccfg-export90-udeb	< 1:9.9.5.dfsg-9+deb8u10	libisccfg-export90-udeb_1:9.9.5.dfsg-9+deb8u10_amd64.deb