Stretch openstack image updated to version 9.0.4-20170709

To: debian-cloud@lists.debian.org
Subject: Stretch openstack image updated to version 9.0.4-20170709
From: Steve McIntyre <steve@einval.com>
Date: Mon, 10 Jul 2017 01:40:30 +0100
Message-id: <[🔎] 20170710004029.q5woy227n6mekesp@tack.einval.com>

Just released, including security updates:

9.0.4-20170709

Updates in 1 source package(s), 4 binary package(s):

  Source bind9, binaries: libdns-export162:amd64 libisc-export160:amd64 libdns-export162:arm64 libisc-export160:arm64  
  bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high
  
    * Non-maintainer upload by the Security Team.
    * debian/patches:
      - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
        CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
        transfers. An attacker may be able to circumvent TSIG authentication of
        AXFR and Notify requests.
        CVE-2017-3143: error in TSIG authentication can permit unauthorized
        dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
        signature for a dynamic update.

-- Steve McIntyre <93sam@debian.org>  Mon, 10 Jul 2017 01:34:12 +0100


-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
You raise the blade, you make the change... You re-arrange me 'til I'm sane...

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Jessie openstack image updated to version 8.8.4-20170709
Next by Date: Bug#867921: cloud-init: Network configuration doesn't work
Previous by thread: Jessie openstack image updated to version 8.8.4-20170709
Next by thread: Bug#867921: cloud-init: Network configuration doesn't work
Index(es):
- Date
- Thread