Synopsis: Important: bind security and bug fix update
Advisory ID: SLSA-2017:1679-1
Issue Date: 2017-07-05
CVE Numbers: CVE-2017-3142
CVE-2017-3143
--
Security Fix(es):
* A flaw was found in the way BIND handled TSIG authentication for dynamic
updates. A remote attacker able to communicate with an authoritative BIND
server could use this flaw to manipulate the contents of a zone, by
forging a valid TSIG or SIG(0) signature for a dynamic update request.
(CVE-2017-3143)
* A flaw was found in the way BIND handled TSIG authentication of AXFR
requests. A remote attacker, able to communicate with an authoritative
BIND server, could use this flaw to view the entire contents of a zone by
sending a specially constructed request packet. (CVE-2017-3142)
Bug Fix(es):
* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK)
rollover during October 2017. Maintaining an up-to-date KSK, by adding the
new root zone KSK, is essential for ensuring that validating DNS resolvers
continue to function following the rollover.
--
SL6
x86_64
bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm
i386
bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.4.i686.rpm
- Scientific Linux Development Team
