===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0171
        bind9 security update fixes denial of service vulnerability
                              17 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           bind9
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3145

Original Bulletin:
   http://www.debian.org/security/2018/dsa-4089

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running bind9 check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4089-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 16, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2017-3145

Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server
implementation, was improperly sequencing cleanup operations, leading in
some cases to a use-after-free error, triggering an assertion failure
and crash in named.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:9.9.5.dfsg-9+deb8u15.

For the stable distribution (stretch), this problem has been fixed in
version 1:9.10.3.dfsg.P4-12.3+deb9u4.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================