drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in BIND (Aktualisierung)
Name: |
Zwei Probleme in BIND (Aktualisierung) |
|
ID: |
USN-3346-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04 |
|
Datum: |
Mo, 18. September 2017, 22:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 |
|
Applikationen: |
BIND |
|
Update von: |
Zwei Probleme in BIND |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4362229139187487814== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="LealaFXiG37LGOjqSw7BLIxicOGCNRtfF"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LealaFXiG37LGOjqSw7BLIxicOGCNRtfF Content-Type: multipart/mixed; boundary="kAXlLMf64WIivRRMTLtgnuTCWnfGarQ4x"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <0c6cdbbf-a94e-0470-9137-7b6726099eb5@canonical.com> Subject: [USN-3346-2] Bind regression
--kAXlLMf64WIivRRMTLtgnuTCWnfGarQ4x Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3346-2 September 18, 2017
bind9 regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
USN-3346-1 introduced a regression in Bind.
Software Description: - bind9: Internet Domain Name Server
Details:
USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem.
In addition, this update adds the new root zone key signing key (KSK).
Original advisory details:
Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.2
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.8
Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.16
After a standard system update you need to restart Bind to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3346-2 https://www.ubuntu.com/usn/usn-3346-1 https://launchpad.net/bugs/1717981
Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu5.2 https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.8 https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.16
--kAXlLMf64WIivRRMTLtgnuTCWnfGarQ4x--
--LealaFXiG37LGOjqSw7BLIxicOGCNRtfF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZwAs6AAoJEGVp2FWnRL6T6sMP/3HyjsSiUXYaG4MIs9mpCnHq g6OPaG8j4fsEABje8SIu8jlGAiFRlrF+fesItALklTjRTUjJJ4D7mPQkxzcREDKU QaAu42cVXxTzI9DWqun/BxSi1yyhUGYxSJewGJ1qacOa7McjbUTJS6NAZP1O+hKl g+oXGOTS5E/yzPolhlzwCrZJGsnz+6CbRnn7Z9e+/RXV3g0O10R9vvGSb1iiaXYr TpWkYBTCHAYTZ6F5x1ajPWKVjQyG+VckpwELz6QaMqK5AEm2Zdx3pvr+rtiVX+Rz y1QA6UkkbO5AcXz1BdbSIBcn2VL+2aDhHEMbTcjY7zhozTopYOThJnvBSx1xCQN0 ClczSzf8//x7an7/UccX2YW1UJAHG+WJhvzM13AerwCvYkz5OeeCCXi1fzLyY3FN hHP7xl9J9MBnVhacZZuxOw2BHi0xG9ny81pA5zs0TWPmYxmZfKUsH7jzsAIPFJWQ USi2ye05+rahRINEV0AdHsndndUu/+uvrIhfuywWH3SmVe/+4WWO+S+KYAw+V8ke QEPI1pPZHqyNd7Q3RJQfVH2iwBUfssVumTGA9PKjB/spD7Yb9RxrVkaunjNCohAn wwgu5DOPYWQCVpFInU5eEpPuzjyXXJ3iuRWCOUa3XwIt4SHpQoC6ThehGGVKbyOc ufhJN5ut7Gm2wcvvnFIf =NpWW -----END PGP SIGNATURE-----
--LealaFXiG37LGOjqSw7BLIxicOGCNRtfF--
--===============4362229139187487814== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============4362229139187487814==--
|
|
|
|