Ubuntu alert USN-3346-1 (bind9)
| From: | Seth Arnold <seth.arnold@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-3346-1] bind9 vulnerabilities | |
| Date: | Thu, 29 Jun 2017 15:31:10 -0700 | |
| Message-ID: | <20170629223110.GA1618@hunt> |
========================================================================== Ubuntu Security Notice USN-3346-1 June 29, 2017 bind9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Bind could be made to serve incorrect information or expose sensitive information over the network. Software Description: - bind9: Internet Domain Name Server Details: Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.1 Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.7 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.7 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.15 After a standard system update you need to restart Bind to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3346-1 CVE-2017-3142, CVE-2017-3143 Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.... https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.... https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.... https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...