drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in BIND
Name: |
Zwei Probleme in BIND |
|
ID: |
USN-3346-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Fr, 30. Juni 2017, 00:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 |
|
Applikationen: |
BIND |
|
Originalnachricht |
--===============4261089980195744769== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3346-1 June 29, 2017
bind9 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Bind could be made to serve incorrect information or expose sensitive information over the network.
Software Description: - bind9: Internet Domain Name Server
Details:
Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143)
Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.1
Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.7
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.7
Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.15
After a standard system update you need to restart Bind to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3346-1 CVE-2017-3142, CVE-2017-3143
Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu5.1 https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu1.7 https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.7 https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.15
--WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCgAGBQJZVX+uAAoJEPMhclmdjS6XoPoH/1E8Xavjr8Bl3YTqB1HOlgvo 8ZVVleFNJf8yCLEkEm7NosuVfxvMRAHxxoViOabrdVH8DQak32jTR+DjxeDI+NK3 E1SarziV35oIttDYxQKBGZwvOw83p0HnzZmThYI6Dob1qO0yso0qH3in1tEFhEct SSo+9BD4WXgzO1mnWkQYoBDVMSm93qWXEqLdy+WGC3dPquPMY810Ghu0h1ooPESq xq7vhlNvB477UmrBfAFL7UQypjqgiSX/vyjLxNx5HOwJPleEALvc6GuS/2mWXC74 B1OG7DrnqjYcj4cIgZxlit0EbL4sU/jXlR54SnRnEBlf9I1pEu60OKgCjpQVF5s= =llU1 -----END PGP SIGNATURE-----
--WIyZ46R2i8wDzkSu--
--===============4261089980195744769== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4261089980195744769==--
|
|
|
|