[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Jessie openstack image updated to version 8.8.4-20170709



Just released, including a security update:

8.8.4-20170709

Updates in 1 source package(s), 4 binary package(s):

  Source bind9, binaries: libdns-export100:amd64 libirs-export91:amd64 libisc-export95:amd64 libisccfg-export90:amd64  
  bind9 (1:9.9.5.dfsg-9+deb8u12) jessie-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * Add patch to fix CVE-2017-3042 and CVE-2017-3043
      CVE-2017-3042: error in TSIG authentication can permit unauthorized zone
      transfers. An attacker may be able to circumvent TSIG authentication of
      AXFR and Notify requests.
      CVE-2017-3043: error in TSIG authentication can permit unauthorized
      dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
      signature for a dynamic update.

-- Steve McIntyre <93sam@debian.org>  Sun, 09 Jul 2017 23:00:58 +0100


-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
We don't need no education.
We don't need no thought control.

Attachment: signature.asc
Description: PGP signature


Reply to: