[SECURITY] [DSA 4089-1] bind9 security update

2018-01-1622:05:58

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.055 Low

EPSS

Percentile

93.1%

JSON

Debian Security Advisory DSA-4089-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
January 16, 2018 https://www.debian.org/security/faq

Package : bind9
CVE ID : CVE-2017-3145

Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server
implementation, was improperly sequencing cleanup operations, leading in
some cases to a use-after-free error, triggering an assertion failure
and crash in named.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:9.9.5.dfsg-9+deb8u15.

For the stable distribution (stretch), this problem has been fixed in
version 1:9.10.3.dfsg.P4-12.3+deb9u4.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armhflibirs-export141< 1:9.10.3.dfsg.P4-12.3+deb9u4libirs-export141_1:9.10.3.dfsg.P4-12.3+deb9u4_armhf.deb
Debian8amd64libbind-dev< 1:9.9.5.dfsg-9+deb8u15libbind-dev_1:9.9.5.dfsg-9+deb8u15_amd64.deb
Debian7armellwresd< 1:9.8.4.dfsg.P1-6+nmu2+deb7u19lwresd_1:9.8.4.dfsg.P1-6+nmu2+deb7u19_armel.deb
Debian8armhflibbind9-90< 1:9.9.5.dfsg-9+deb8u15libbind9-90_1:9.9.5.dfsg-9+deb8u15_armhf.deb
Debian8arm64libbind-export-dev< 1:9.9.5.dfsg-9+deb8u15libbind-export-dev_1:9.9.5.dfsg-9+deb8u15_arm64.deb
Debian9i386lwresd-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u4lwresd-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u4_i386.deb
Debian8arm64bind9< 1:9.9.5.dfsg-9+deb8u15bind9_1:9.9.5.dfsg-9+deb8u15_arm64.deb
Debian8s390xlibisccfg-export90< 1:9.9.5.dfsg-9+deb8u15libisccfg-export90_1:9.9.5.dfsg-9+deb8u15_s390x.deb
Debian9arm64liblwres141-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u4liblwres141-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u4_arm64.deb
Debian9ppc64elbind9-host-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u4bind9-host-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u4_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armhf	libirs-export141	< 1:9.10.3.dfsg.P4-12.3+deb9u4	libirs-export141_1:9.10.3.dfsg.P4-12.3+deb9u4_armhf.deb
Debian	8	amd64	libbind-dev	< 1:9.9.5.dfsg-9+deb8u15	libbind-dev_1:9.9.5.dfsg-9+deb8u15_amd64.deb
Debian	7	armel	lwresd	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u19	lwresd_1:9.8.4.dfsg.P1-6+nmu2+deb7u19_armel.deb
Debian	8	armhf	libbind9-90	< 1:9.9.5.dfsg-9+deb8u15	libbind9-90_1:9.9.5.dfsg-9+deb8u15_armhf.deb
Debian	8	arm64	libbind-export-dev	< 1:9.9.5.dfsg-9+deb8u15	libbind-export-dev_1:9.9.5.dfsg-9+deb8u15_arm64.deb
Debian	9	i386	lwresd-dbgsym	< 1:9.10.3.dfsg.P4-12.3+deb9u4	lwresd-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u4_i386.deb
Debian	8	arm64	bind9	< 1:9.9.5.dfsg-9+deb8u15	bind9_1:9.9.5.dfsg-9+deb8u15_arm64.deb
Debian	8	s390x	libisccfg-export90	< 1:9.9.5.dfsg-9+deb8u15	libisccfg-export90_1:9.9.5.dfsg-9+deb8u15_s390x.deb
Debian	9	arm64	liblwres141-dbgsym	< 1:9.10.3.dfsg.P4-12.3+deb9u4	liblwres141-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u4_arm64.deb
Debian	9	ppc64el	bind9-host-dbgsym	< 1:9.10.3.dfsg.P4-12.3+deb9u4	bind9-host-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u4_ppc64el.deb