Several security issues were fixed in Bind ...
Several vulnerabilities were discovered in BIND, a DNS server
implementation The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2017-3136
Oleg Gorokhov of Yandex discovered that BIND does not properly
handle certain queries when using DNS64 with the "break-dnssec yes;"
option, allowing a remote att ...
Synopsis
Important: bind security update
Type/Severity
Security Advisory: Important
Topic
An update for bind is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: bind security update
Type/Severity
Security Advisory: Important
Topic
An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: bind security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for bind is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Synopsis
Important: bind security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for bind is now available for Red Hat Enterprise Linux 62 Advanced Update Support, Red Hat Enterprise Linux 64 Advanced Update Support, Red Hat Enterprise Linux 65 Advanced Update Support, Red ...
Debian Bug report logs -
#860224
bind9: CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
Package:
src:bind9;
Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Da ...
Debian Bug report logs -
#860226
bind9: CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
Package:
src:bind9;
Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, ...
Debian Bug report logs -
#889285
bind9: CVE-2018-5735: assertion failure in validatorc:1858
Package:
bind9;
Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon)
Reported by: Vladislav Kurz <vladislavkurz@webstepnet>
Date: Sat, 3 Feb 2018 10:15: ...
Debian Bug report logs -
#860225
bind9: CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
Package:
src:bind9;
Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu ...
A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response (CVE-2017-3137)
A denial of service flaw was found in the way BIND handled q ...
A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response ...
A security issue has been found in bind, where a server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering ...