Subject: | |
From: | |
Reply To: | |
Date: | Wed, 5 Jul 2017 14:00:51 -0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: bind security and bug fix update
Advisory ID: SLSA-2017:1679-1
Issue Date: 2017-07-05
CVE Numbers: CVE-2017-3142
CVE-2017-3143
--
Security Fix(es):
* A flaw was found in the way BIND handled TSIG authentication for dynamic
updates. A remote attacker able to communicate with an authoritative BIND
server could use this flaw to manipulate the contents of a zone, by
forging a valid TSIG or SIG(0) signature for a dynamic update request.
(CVE-2017-3143)
* A flaw was found in the way BIND handled TSIG authentication of AXFR
requests. A remote attacker, able to communicate with an authoritative
BIND server, could use this flaw to view the entire contents of a zone by
sending a specially constructed request packet. (CVE-2017-3142)
Bug Fix(es):
* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK)
rollover during October 2017. Maintaining an up-to-date KSK, by adding the
new root zone KSK, is essential for ensuring that validating DNS resolvers
continue to function following the rollover.
--
SL6
x86_64
bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
i386
bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.4.i686.rpm
- Scientific Linux Development Team
|
|
|