Operating System:

[Debian]

Published:

27 February 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0525
                           bind9 security update
                             27 February 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           bind9
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3135 CVE-2016-8864 

Reference:         ESB-2017.0459
                   ESB-2017.0454
                   ESB-2016.2568
                   ESB-2016.2565

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3795

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3795-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 26, 2017                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2017-3135
Debian Bug     : 855520

It was discovered that a maliciously crafted query can cause ISC's
BIND DNS server (named) to crash if both Response Policy Zones (RPZ)
and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled.  It
is uncommon for both of these options to be used in combination, so
very few systems will be affected by this problem in practice.

This update also corrects an additional regression caused by the fix
for CVE-2016-8864, which was applied in a previous security update.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u10.

For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 1:9.10.3.dfsg.P4-12.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
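
Added example (not part of the Debian advisory or the AusCERT bulletin): a Python triage check for the condition the advisory describes, reporting a host as exposed only when its named configuration enables both response-policy (RPZ) and dns64 and the installed bind9 package is older than the fixed jessie version. The function names, the sample configuration and the zone name are hypothetical; the check reads a single configuration text, does not follow include files, and its regexes are a heuristic rather than a full named.conf parser.

```python
import re

FIXED_JESSIE = "1:9.9.5.dfsg-9+deb8u10"  # fixed version named in DSA-3795-1
SAMPLE_CONF = """options {   // constructed sample, hypothetical zone name
    dns64 64:ff9b::/96 { clients { any; }; };
    response-policy { zone "rpz.example"; };
};"""

def _weight(c):
    """dpkg weight: '~' < end-of-string/digit < letters < other symbols."""
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """dpkg ordering: non-digit runs by weight, digit runs as integers."""
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            wa, wb = _weight(a[:1]), _weight(b[:1])
            if wa != wb:
                return -1 if wa < wb else 1
            a, b = a[1:], b[1:]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return (int(epoch),) + ((upstream, rev) if sep else (rest, ""))
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def rpz_and_dns64(conf):
    """True if the config text enables both response-policy and dns64."""
    conf = re.sub(r"/\*.*?\*/", " ", conf, flags=re.S)  # /* block comments */
    conf = re.sub(r"(//|#).*", " ", conf)               # // and # comments
    return bool(re.search(r"\bresponse-policy\s*\{", conf)
                and re.search(r"\bdns64\s+[0-9A-Fa-f:]+/\d+\s*\{", conf))

def exposed(conf, installed, fixed=FIXED_JESSIE):
    """Both features enabled and installed bind9 older than the fixed one."""
    return rpz_and_dns64(conf) and deb_cmp(installed, fixed) < 0
```

On a Debian host the installed version string can be read with `dpkg-query -W -f='${Version}' bind9` and passed to `exposed()` together with the contents of the named configuration.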


NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----