[SECURITY] [DSA 4089-1] bind9 security update

ID DEBIAN:DSA-4089-1:03192
Type debian
Reporter Debian
Modified 2018-01-16T22:06:20


Debian Security Advisory DSA-4089-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 16, 2018 https://www.debian.org/security/faq

Package : bind9 CVE ID : CVE-2017-3145

Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.

For the oldstable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u15.

For the stable distribution (stretch), this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u4.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org