Lucene search

K
suseSuseSUSE-SU-2017:1736-1
HistoryJun 30, 2017 - 3:09 a.m.

Security update for bind (important)

2017-06-3003:09:33
lists.opensuse.org
60

EPSS

0.055

Percentile

93.4%

This update for bind fixes the following issues:

  • An attacker with the ability to send and receive messages to an
    authoritative DNS server was able to circumvent TSIG authentication of
    AXFR requests. A server that relied solely on TSIG keys for protection
    could be manipulated into (1) providing an AXFR of a zone to an
    unauthorized recipient and (2) accepting bogus Notify packets.
    [bsc#1046554, CVE-2017-3142]

  • An attacker who with the ability to send and receive messages to an
    authoritative DNS server and who had knowledge of a valid TSIG key name
    for the zone and service being targeted was able to manipulate BIND into
    accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]