[SECURITY] [DSA 3854-1] bind9 security update

🗓️ 14 May 2017 17:47:46Reported by DebianType

debian

debian🔗 lists.debian.org👁 35 Views

BIND9 security update, vulnerabilities discovered, denial-of-service threat

Reporter	Title	Published	Views	Family All 204
ALT Linux	Security fix for the ALT Linux 9 package bind version 9.10.4.P8-alt1	12 Apr 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package bind version 9.10.4.P8-alt1	12 Apr 201700:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry	19 Jul 202000:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Open Source packages vulnerabilities	16 Jun 201822:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138)	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.	28 Oct 202017:16	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Bind affect PowerKVM	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management	18 Oct 201903:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console	23 Sep 202101:45	–	ibm
ATTACKERKB	Backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858	30 Oct 201900:00	–	attackerkb

OS	OS Version	Architecture	Package	Package Version	Filename
Debian	8	any	bind9	1:9.9.5.dfsg-9+deb8u11	bind9_1:9.9.5.dfsg-9+deb8u11_any.deb
Debian	8	any	bind9-doc	1:9.9.5.dfsg-9+deb8u11	bind9-doc_1:9.9.5.dfsg-9+deb8u11_any.deb
Debian	8	amd64	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_amd64.deb
Debian	8	arm64	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_arm64.deb
Debian	8	armel	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_armel.deb
Debian	8	armhf	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_armhf.deb
Debian	8	i386	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_i386.deb
Debian	8	kfreebsd-amd64	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_kfreebsd-amd64.deb
Debian	8	kfreebsd-i386	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_kfreebsd-i386.deb
Debian	8	mips	bind9-host	1:9.9.5.dfsg-9+deb8u11	bind9-host_1:9.9.5.dfsg-9+deb8u11_mips.deb

14 May 2017 17:47Current

7.9High risk

Vulners AI Score7.9

CVSS 25

CVSS 37.5

EPSS0.16242

debian bind9 dns server cve-2017-3136 cve-2017-3137 cve-2017-3138 yandex assertion failure null command string upgrade debian security advisories