exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-3346-1

Ubuntu Security Notice USN-3346-1
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 8c0a85a29d7e094864d1ecfcffae3ea3162517bb7e02a399d5a29154df774192

Ubuntu Security Notice USN-3346-1

Change Mirror Download

===========================================================================
Ubuntu Security Notice USN-3346-1
June 29, 2017

bind9 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Bind could be made to serve incorrect information or expose sensitive
information over the network.

Software Description:
- bind9: Internet Domain Name Server

Details:

Cl=E9ment Berthaux discovered that Bind did not correctly check TSIG
authentication for zone update requests. An attacker could use this
to improperly perform zone updates. (CVE-2017-3143)

Cl=E9ment Berthaux discovered that Bind did not correctly check TSIG
authentication for zone transfer requests. An attacker could use this
to improperly transfer entire zones. (CVE-2017-3142)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.1

Ubuntu 16.10:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.7

Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.7

Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.15

After a standard system update you need to restart Bind to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3346-1
CVE-2017-3142, CVE-2017-3143

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu5.1
https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu1.7
https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.7
https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.15


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close