| Errata ID | 123 |
|---|---|
| Date | 2017-08-09 |
| Source package | bind9 |
| Fixed in version | 1:9.9.5.dfsg-9+deb8u13A~4.2.1.201708081700 |
| Description | This update addresses the following issues: * denial of service (assertion failure and daemon exit) via a crafted query (CVE-2016-2776) * denial of service (daemon crash) via a long request that uses the lightweight resolver protocol (not active in UCS, CVE-2016-2775) * denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c (CVE-2016-8864) * denial of service (assertion failure and daemon exit) via malformed response to an RTYPE ANY query (CVE-2016-9131) * denial of service (assertion failure and daemonexit) via response containing an inconsistency among DNSSEC-related RRsets (CVE-2016-9147) * denial of service (assertion failure and daemon exit) via crafted DS resource record in an answer (CVE-2016-9444) * An error in TSIG authentication can permit unauthorized zone transfers (CVE-2017-3142) * An error in TSIG authentication can permit unauthorized dynamic updates (CVE-2017-3143) * An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" (CVE-2017-3136) * A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME (CVE-2017-3137) * named exits with a REQUIRE assertion failure if it receives a null command string on its control channel (CVE-2017-3138) * Assertion failure when using DNS64 and RPZ can lead to crash (CVE-2017-3135) |
| Additional notes | |
| CVE ID | CVE-2016-2775 CVE-2016-2776 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3142 CVE-2017-3143 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3135 |
| UCS Bug number | #44656 |
