ID

VAR-201901-0389

CVE

CVE-2017-3145

TITLE

ISC BIND 9 Service operation interruption (DoS) Vulnerabilities

DESCRIPTION

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND 9 Includes remote service disruption ( DoS ) Is possible, and there are vulnerabilities due to imperfect implementation. BIND 9 Has an error in the order of cleanup processing in iterative search. As a result, freed memory usage (use-after-free) by assertion failure Occurs, named May end abnormally.Service disruption by a remote third party (DoS) attack (named Stop ) May be done. ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. =========================================================================== Ubuntu Security Notice USN-3535-2 January 17, 2018 bind9 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Bind could be made to crash if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: bind9=C2=A01:9.8.1.dfsg.P1-4ubuntu0.24 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.10.6_P1-i586-1_slack14.2.txz: Upgraded. For more information, see: https://kb.isc.org/article/AA-01542 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.11_P1-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.11_P1-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.11_P1-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.11_P1-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.11_P1-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.11_P1-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.11_P1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.11_P1-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.11_P1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.11_P1-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.10.6_P1-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.10.6_P1-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.11.2_P1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.11.2_P1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: e80dd64171589e36710b7bbef0dc962f bind-9.9.11_P1-i486-1_slack13.0.txz Slackware x86_64 13.0 package: d482641f326a7543ac49b52b14066264 bind-9.9.11_P1-x86_64-1_slack13.0.txz Slackware 13.1 package: bcda49076768b83ba97d34ce33fa1149 bind-9.9.11_P1-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 67fff04baa5e780a4da0a369bb2387b3 bind-9.9.11_P1-x86_64-1_slack13.1.txz Slackware 13.37 package: e9da89b964b1ad8274e381f4fadc8932 bind-9.9.11_P1-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 15cf2689ec701d49db3ac2402b1cfd8e bind-9.9.11_P1-x86_64-1_slack13.37.txz Slackware 14.0 package: cb697b092fc9f0ca0d34908d982704d3 bind-9.9.11_P1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7fc7c78eab670800e8050619e32a9f10 bind-9.9.11_P1-x86_64-1_slack14.0.txz Slackware 14.1 package: 112d11d4a5da750dc97e8e7b453b788c bind-9.9.11_P1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 33b23dd33c5e8858bbaf01e021d948a1 bind-9.9.11_P1-x86_64-1_slack14.1.txz Slackware 14.2 package: 3e3789b5a4d08f09511648bd0241f09f bind-9.10.6_P1-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 3771a2d36a6e3d49979386c5258de1da bind-9.10.6_P1-x86_64-1_slack14.2.txz Slackware -current package: 339eaae45be15550afc28fb2d4cad9a9 n/bind-9.11.2_P1-i586-1.txz Slackware x86_64 -current package: ede731e198dd2858a82498e6613ca0a5 n/bind-9.11.2_P1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.10.6_P1-i586-1_slack14.2.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 7.2) - noarch, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2018:0102-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0102 Issue date: 2018-01-22 CVE Names: CVE-2017-3145 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.9.4-51.el7_4.2.src.rpm noarch: bind-license-9.9.4-51.el7_4.2.noarch.rpm x86_64: bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-9.9.4-51.el7_4.2.i686.rpm bind-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm bind-utils-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.9.4-51.el7_4.2.x86_64.rpm bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-devel-9.9.4-51.el7_4.2.i686.rpm bind-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.9.4-51.el7_4.2.src.rpm noarch: bind-license-9.9.4-51.el7_4.2.noarch.rpm x86_64: bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-9.9.4-51.el7_4.2.i686.rpm bind-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm bind-utils-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bind-9.9.4-51.el7_4.2.x86_64.rpm bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-devel-9.9.4-51.el7_4.2.i686.rpm bind-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: bind-9.9.4-51.el7_4.2.src.rpm noarch: bind-license-9.9.4-51.el7_4.2.noarch.rpm ppc64: bind-9.9.4-51.el7_4.2.ppc64.rpm bind-chroot-9.9.4-51.el7_4.2.ppc64.rpm bind-debuginfo-9.9.4-51.el7_4.2.ppc.rpm bind-debuginfo-9.9.4-51.el7_4.2.ppc64.rpm bind-libs-9.9.4-51.el7_4.2.ppc.rpm bind-libs-9.9.4-51.el7_4.2.ppc64.rpm bind-libs-lite-9.9.4-51.el7_4.2.ppc.rpm bind-libs-lite-9.9.4-51.el7_4.2.ppc64.rpm bind-utils-9.9.4-51.el7_4.2.ppc64.rpm ppc64le: bind-9.9.4-51.el7_4.2.ppc64le.rpm bind-chroot-9.9.4-51.el7_4.2.ppc64le.rpm bind-debuginfo-9.9.4-51.el7_4.2.ppc64le.rpm bind-libs-9.9.4-51.el7_4.2.ppc64le.rpm bind-libs-lite-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.ppc64le.rpm bind-utils-9.9.4-51.el7_4.2.ppc64le.rpm s390x: bind-9.9.4-51.el7_4.2.s390x.rpm bind-chroot-9.9.4-51.el7_4.2.s390x.rpm bind-debuginfo-9.9.4-51.el7_4.2.s390.rpm bind-debuginfo-9.9.4-51.el7_4.2.s390x.rpm bind-libs-9.9.4-51.el7_4.2.s390.rpm bind-libs-9.9.4-51.el7_4.2.s390x.rpm bind-libs-lite-9.9.4-51.el7_4.2.s390.rpm bind-libs-lite-9.9.4-51.el7_4.2.s390x.rpm bind-utils-9.9.4-51.el7_4.2.s390x.rpm x86_64: bind-9.9.4-51.el7_4.2.x86_64.rpm bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-9.9.4-51.el7_4.2.i686.rpm bind-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.x86_64.rpm bind-utils-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: bind-9.9.4-51.el7_4.2.src.rpm aarch64: bind-9.9.4-51.el7_4.2.aarch64.rpm bind-chroot-9.9.4-51.el7_4.2.aarch64.rpm bind-debuginfo-9.9.4-51.el7_4.2.aarch64.rpm bind-libs-9.9.4-51.el7_4.2.aarch64.rpm bind-libs-lite-9.9.4-51.el7_4.2.aarch64.rpm bind-pkcs11-9.9.4-51.el7_4.2.aarch64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.aarch64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.aarch64.rpm bind-utils-9.9.4-51.el7_4.2.aarch64.rpm noarch: bind-license-9.9.4-51.el7_4.2.noarch.rpm ppc64le: bind-9.9.4-51.el7_4.2.ppc64le.rpm bind-chroot-9.9.4-51.el7_4.2.ppc64le.rpm bind-debuginfo-9.9.4-51.el7_4.2.ppc64le.rpm bind-libs-9.9.4-51.el7_4.2.ppc64le.rpm bind-libs-lite-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.ppc64le.rpm bind-utils-9.9.4-51.el7_4.2.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bind-debuginfo-9.9.4-51.el7_4.2.ppc.rpm bind-debuginfo-9.9.4-51.el7_4.2.ppc64.rpm bind-devel-9.9.4-51.el7_4.2.ppc.rpm bind-devel-9.9.4-51.el7_4.2.ppc64.rpm bind-lite-devel-9.9.4-51.el7_4.2.ppc.rpm bind-lite-devel-9.9.4-51.el7_4.2.ppc64.rpm bind-pkcs11-9.9.4-51.el7_4.2.ppc64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.ppc.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.ppc64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.ppc.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.ppc64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.ppc64.rpm bind-sdb-9.9.4-51.el7_4.2.ppc64.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.ppc64.rpm ppc64le: bind-debuginfo-9.9.4-51.el7_4.2.ppc64le.rpm bind-devel-9.9.4-51.el7_4.2.ppc64le.rpm bind-lite-devel-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.ppc64le.rpm bind-sdb-9.9.4-51.el7_4.2.ppc64le.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.ppc64le.rpm s390x: bind-debuginfo-9.9.4-51.el7_4.2.s390.rpm bind-debuginfo-9.9.4-51.el7_4.2.s390x.rpm bind-devel-9.9.4-51.el7_4.2.s390.rpm bind-devel-9.9.4-51.el7_4.2.s390x.rpm bind-lite-devel-9.9.4-51.el7_4.2.s390.rpm bind-lite-devel-9.9.4-51.el7_4.2.s390x.rpm bind-pkcs11-9.9.4-51.el7_4.2.s390x.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.s390.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.s390x.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.s390.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.s390x.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.s390x.rpm bind-sdb-9.9.4-51.el7_4.2.s390x.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.s390x.rpm x86_64: bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-devel-9.9.4-51.el7_4.2.i686.rpm bind-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: bind-debuginfo-9.9.4-51.el7_4.2.aarch64.rpm bind-devel-9.9.4-51.el7_4.2.aarch64.rpm bind-lite-devel-9.9.4-51.el7_4.2.aarch64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.aarch64.rpm bind-sdb-9.9.4-51.el7_4.2.aarch64.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.aarch64.rpm ppc64le: bind-debuginfo-9.9.4-51.el7_4.2.ppc64le.rpm bind-devel-9.9.4-51.el7_4.2.ppc64le.rpm bind-lite-devel-9.9.4-51.el7_4.2.ppc64le.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.ppc64le.rpm bind-sdb-9.9.4-51.el7_4.2.ppc64le.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.9.4-51.el7_4.2.src.rpm noarch: bind-license-9.9.4-51.el7_4.2.noarch.rpm x86_64: bind-9.9.4-51.el7_4.2.x86_64.rpm bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-9.9.4-51.el7_4.2.i686.rpm bind-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.2.x86_64.rpm bind-utils-9.9.4-51.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm bind-devel-9.9.4-51.el7_4.2.i686.rpm bind-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-9.9.4-51.el7_4.2.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3145 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01542 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaZbNaXlSAg2UNWIIRAhseAJwJY60VWvytXGwwUobWF4unAHWMQACglAIz jCE2ReWW+2tdqqDaqI75u8I= =Hncw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the oldstable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u15. For the stable distribution (stretch), this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u4. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlpedglfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QpmhAAi8d529DGMZOzcaRyvyWEa+Hth+CLca5y/4Wugv/BrRjTn+tDzYriNatW wtLQLWZOiyxtPvcQjU+lwxRzSh4r++JorSbTdq6SNSKK1VTe67yCst0n7O5k9jhb G31FXHeXyYjp7JMGPxQ1T6xwvbjpOnI3wwE7LkxZY69Lo/bOLoeiY9BDojdkuexd KK4vPQFkMwrARszjEb3QriCJbkhv8uiCA0vg15cD4zFJJ3yYiB/+sVJScc7jnSwo pxdSSIQrYzRNNN5vqkTV6JHta+fwX3taN4U5Ov7QD3v5NkL/yR53Wv3V2O7jlfLs 0AV2Lhm3CyB2VGp0XzTSIGvUvlROGDmsSvwM+QT+zbg5+7JVu3UI25YpL7faJ5oy MPmj/w+tZkFepxFuRjV8LwSdcP1JtNd9UIN/5ugbOk6R95vse5WXwQKa1eZ6a7X2 3sTwlFC2aN9kLfD51ROzYKb0sJbgu9tEscJYJ6kz77pSA0LZ22K37XHq80z3wuLh xCCS3YEjxVl/Zh+qLmAekZgKih2lWGt5inTstRzcVqzJlJoz1xoLBR7LoEW9sp1R 4XcGxh38QGdpxTs6sr71cRIPr6DpA1tpDt5EOaIw+nIC/t0JxVvbX6V15UYTd6++ X4hS2czq3HAR8J52MlMSjyXrdvp4u6Drta0D/axxa/YAHI5KXWA= =84Lf -----END PGP SIGNATURE-----

AFFECTED PRODUCTS