| Errata ID | 500 |
|---|---|
| Date | 2018-04-04 |
| Source package | bind9 |
| Fixed in version | 1:9.8.4.dfsg.P1-6+nmu2.127.201803281358 |
| Description | This update addresses the following issues: * Assertion failure when using DNS64 and RPZ can lead to crash (CVE-2017-3135) * An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" (CVE-2017-3136) * A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME (CVE-2017-3137) * named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138) * An error in TSIG authentication can permit unauthorized zone transfers (CVE-2017-3142) * An error in TSIG authentication can permit unauthorized dynamic updates (CVE-2017-3143) * Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145) * Denial of service in DNSSEC validation via a specially crafted DNS response (CVE-2018-5735) |
| Additional notes | |
| CVE ID | CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 CVE-2018-5735 |
| UCS Bug number | #43769 |
