Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in BIND (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in BIND (Aktualisierung)
ID: USN-3346-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04
Datum: Mo, 18. September 2017, 22:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143
Applikationen: BIND
Update von: Zwei Probleme in BIND

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4362229139187487814==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="LealaFXiG37LGOjqSw7BLIxicOGCNRtfF"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--LealaFXiG37LGOjqSw7BLIxicOGCNRtfF
Content-Type: multipart/mixed;
 boundary="kAXlLMf64WIivRRMTLtgnuTCWnfGarQ4x";
 protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <0c6cdbbf-a94e-0470-9137-7b6726099eb5@canonical.com>
Subject: [USN-3346-2] Bind regression

--kAXlLMf64WIivRRMTLtgnuTCWnfGarQ4x
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3346-2
September 18, 2017

bind9 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3346-1 introduced a regression in Bind.

Software Description:
- bind9: Internet Domain Name Server

Details:

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142
introduced a regression in the ability to receive an AXFR or IXFR in the
case where TSIG is used and not every message is signed. This update fixes
the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory details:

 Clément Berthaux discovered that Bind did not correctly check TSIG
 authentication for zone update requests. An attacker could use this
 to improperly perform zone updates. (CVE-2017-3143)
  Clément Berthaux discovered that Bind did not correctly check TSIG
 authentication for zone transfer requests. An attacker could use this
 to improperly transfer entire zones. (CVE-2017-3142)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  bind9                           1:9.10.3.dfsg.P4-10.1ubuntu5.2

Ubuntu 16.04 LTS:
  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.8

Ubuntu 14.04 LTS:
  bind9                           1:9.9.5.dfsg-3ubuntu0.16

After a standard system update you need to restart Bind to make
all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3346-2
  https://www.ubuntu.com/usn/usn-3346-1
  https://launchpad.net/bugs/1717981

Package Information:
  https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu5.2
  https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.8
  https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.16



--kAXlLMf64WIivRRMTLtgnuTCWnfGarQ4x--

--LealaFXiG37LGOjqSw7BLIxicOGCNRtfF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJZwAs6AAoJEGVp2FWnRL6T6sMP/3HyjsSiUXYaG4MIs9mpCnHq
g6OPaG8j4fsEABje8SIu8jlGAiFRlrF+fesItALklTjRTUjJJ4D7mPQkxzcREDKU
QaAu42cVXxTzI9DWqun/BxSi1yyhUGYxSJewGJ1qacOa7McjbUTJS6NAZP1O+hKl
g+oXGOTS5E/yzPolhlzwCrZJGsnz+6CbRnn7Z9e+/RXV3g0O10R9vvGSb1iiaXYr
TpWkYBTCHAYTZ6F5x1ajPWKVjQyG+VckpwELz6QaMqK5AEm2Zdx3pvr+rtiVX+Rz
y1QA6UkkbO5AcXz1BdbSIBcn2VL+2aDhHEMbTcjY7zhozTopYOThJnvBSx1xCQN0
ClczSzf8//x7an7/UccX2YW1UJAHG+WJhvzM13AerwCvYkz5OeeCCXi1fzLyY3FN
hHP7xl9J9MBnVhacZZuxOw2BHi0xG9ny81pA5zs0TWPmYxmZfKUsH7jzsAIPFJWQ
USi2ye05+rahRINEV0AdHsndndUu/+uvrIhfuywWH3SmVe/+4WWO+S+KYAw+V8ke
QEPI1pPZHqyNd7Q3RJQfVH2iwBUfssVumTGA9PKjB/spD7Yb9RxrVkaunjNCohAn
wwgu5DOPYWQCVpFInU5eEpPuzjyXXJ3iuRWCOUa3XwIt4SHpQoC6ThehGGVKbyOc
ufhJN5ut7Gm2wcvvnFIf
=NpWW
-----END PGP SIGNATURE-----

--LealaFXiG37LGOjqSw7BLIxicOGCNRtfF--


--===============4362229139187487814==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============4362229139187487814==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung