Synopsis: Important: bind security and bug fix update Advisory ID: SLSA-2017:1679-1 Issue Date: 2017-07-05 CVE Numbers: CVE-2017-3142 CVE-2017-3143 -- Security Fix(es): * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Bug Fix(es): * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. -- SL6 x86_64 bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-sdb-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm i386 bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-utils-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-sdb-9.8.2-0.62.rc1.el6_9.4.i686.rpm - Scientific Linux Development Team