[SECURITY] [DSA 3795-1] bind9 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3795-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
February 26, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : bind9
CVE ID : CVE-2017-3135
Debian Bug : 855520
It was discovered that a maliciously crafted query can cause ISC's
BIND DNS server (named) to crash if both Response Policy Zones (RPZ)
and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It
is uncommon for both of these options to be used in combination, so
very few systems will be affected by this problem in practice.
This update also corrects an additional regression caused by the fix
for CVE-2016-8864, which was applied in a previous security update.
For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u10.
For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 1:9.10.3.dfsg.P4-12.
We recommend that you upgrade your bind9 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAliyQEYACgkQuNayzQLW
9HMZVx/9H5lwU5/miP1j2JDkWToPNQRWa5Tm+UI1X+8APc+k1CsjPj7DESEJ5vKr
kZigmrWnuVbla1K+19sL3zYgBeN2PIOQywEyeP4Os33zufAvjSxiwNmxd7lABlF8
cpryWmdStxkFGapgHnjNJkAtRADiRr904Yy4EVMIlowaDxf2xoFScvKGkDfwQb2E
/xzGoRVC8gzWGUtAqTPk1PTuN3XoHLBxLP0u+tthkuBA7QI1GxBuu+hKc+NrBDN5
QT9sIF+5aVEnWOhRoCRwpCfeelBG0LDB0VZrVl6Wbp3rj78urw6Eo3wKEpO9HHR3
iICnTf1/QddHOEUwkWC0XVoUddqI9QYhb7EYiqRWMBNEaQAQANBHG4eQtX0Y/TE6
GwqeLXTLiBP+jZExvZxMhoQ10grg3fXExG1FuW/rAF+YlxQTyAhDSUXFuNtuVVtZ
+V5GMLbXIdsW4G5JEGNHuiiwJYzhp4l3r3c0FrvgcXJ9r8YEwalBCVjAshc31Eq8
Fd+VAQAiTfiA9KHEFxAhWRn1IS73K5ByitJeJ2n5qfXB7GrJZal9Y3snegmA1PGD
8ZQ2tryJ2GD7yVXe73+isZiTYPPzPasoAys/UN08F/j3yO44vIdgjJg8xnQ7N+lN
outKPUmZ3wuttJZa4MtsSw3fUYKYIQDqljsGnZ0592B+V44aq4UvZ7nOJkfTkiV3
o8B16trbMzOWICSglhPasf3XJrG3dKNOpuWj964g898w4mzJjEwSMU6edQj7kHTz
OMK2Tup+tndHoAPtm5ymN709zx7RPpZ9tRoTdWqQkgemJfPpLMG26/oyCVfL2+a7
RqnWJWlvpj2RVfctO2ESMw9GYJ1vDib/M1S9NKZADMFTBMVfuAGcheS7KaObtO8V
B7UnDOE1Q7O1LRl7krvAbRcJkmDM2QdsrJJWSfCwaCrI4Tv4qJZbi4OtvEE92UQh
YqoSYT+j7AAFiiEg4YQ230S/VeF5a9aF5rAqrk2V15pCbldTVApqKqXy9G6w+8hK
aG5JK+K3y5PF07E+cXynfyMKKM1jIFckrgBLx53gXeAl3gGuggmZr0aXnY2+KCyR
lQIwf+b+hYJlIPgT1PaxCDGrRZ1O9qlQvfkMkZubN6NUKUSWMkNzgdXd+oY6ETn+
MR8W/qz/mWhgCq7BBzkpO/HzNaQ+h2x+2/0NS6tXP8SQEw/8W4zsxwKg3tuXVVOd
Ix5SMLkcb0VxzOvvLxycdbu/cAQa7rJyZdhAsR639aIlIy/1SVtKyPalnmAet6vm
YuVtOWErusmlnCLlB2uLRpGFqNMByNjx9UyQfCQILHyY6yC6+O1gOv6ZAIdFivc/
bcY/PLeQuTJqF7UymjuTnZ3617ADRQ==
=wXg6
-----END PGP SIGNATURE-----
Reply to: