Debian-LTS alert DLA-805-1 (bind9)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 805-1] bind9 security update | |
| Date: | Sun, 29 Jan 2017 12:36:52 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.02.1701291235460.24397@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u14 CVE ID : CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Several denial-of-service vulnerabilities (assertion failures) were discovered in BIND, a DNS server implementation. CVE-2016-9131 A crafted upstream response to an ANY query could cause an assertion failure. CVE-2016-9147 A crafted upstream response with self-contradicting DNSSEC data could cause an assertion failure. CVE-2016-9444 Specially-crafted upstream responses with a DS record could cause an assertion failure. These vulnerabilities predominantly affect DNS servers providing recursive service. Client queries to authoritative-only servers cannot trigger these assertion failures. These vulnerabilities are present whether or not DNSSEC validation is enabled in the server configuration. For Debian 7 "Wheezy", these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u14. We recommend that you upgrade your bind9 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJYjdPUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHEysP/j4P/8jdsTImdibIgb3aljbF mMhzWnUX8OlgkDCXanHfPH15dJz1KP6c6697Y8Ub/njNBH3BL77dIXwey1RNJhK6 ROH2j3QbS9X7Icc64DrdgIf7x5nFB+M9WvawFYcXxq/eniZ+LuIfMW88Ex1BxKB/ 2d5PJ0Vmk4Hx7mKz8XmWEfZz/8Jkn46b8nRR1ftDd10vQkLAucWDRwTSANqvo0xU NXG875o1RhETVP6X9u3+VY0Ke9grCRRhZRiGy3/cSaloCf2rD4f4GFw4NWBt5/dv l+BlsM2bVUIL/K8ISI2FLz135/e39IfuGnwtu7RQZYA8P8rcgN+hqeoEUpHntUv1 jXH1DRC0fkI7aVqY+PCUEpWn6jAL0vOfaWAt4oOnq+eoIggbZVQJr47WVjxHM32V HwWg2Me2463Mj1FWM66q16C7V1vlVrXaaSpCY1dYDFqvsi9YkCryee9MQ0XSJOAp o+a4lR7g9w66yiSQ+kS+HpQWuNt+dFdVe6uh8+RrTqpwA/zWXlrWCJrUHxkv1Pyc QiAbx/fzs+Tqgd21O7xxtXTcp6p2jS/RA3gSKeArilVMDH/94LvUEOaaafn+Svz/ v5j4kwAbEBrSTw0JF+SraRJInm0vL4iU0AHVpKth2AxKvxRcyznu48qHSC7uXaUt qFETgjSZ3C47RbnX8poB =teep -----END PGP SIGNATURE-----