{"id":"MGASA-2017-0478","summary":"Updated bind packages fix security vulnerability","details":"It was discovered that Bind incorrectly handled certain malformed responses\nto an ANY query. A remote attacker could possibly use this issue to cause\nBind to crash, resulting in a denial of service (CVE-2016-9131).\n\nIt was discovered that Bind incorrectly handled certain malformed responses\nto an ANY query. A remote attacker could possibly use this issue to cause\nBind to crash, resulting in a denial of service (CVE-2016-9147).\n\nIt was discovered that Bind incorrectly handled certain malformed DS record\nresponses. A remote attacker could possibly use this issue to cause Bind to\ncrash, resulting in a denial of service (CVE-2016-9444).\n\nAn error in handling certain queries can cause an assertion failure when a\nserver is using the nxdomain-redirect feature to cover a zone for which it is\nalso providing authoritative service.  A vulnerable server could be\nintentionally stopped by an attacker if it was using a configuration that met\nthe criteria for the vulnerability and if the attacker could cause it to accept\na query that possessed the required attributes (CVE-2016-9778).\n\nIt was discovered that Bind incorrectly handled rewriting certain query\nresponses when using both DNS64 and RPZ. A remote attacker could possibly\nuse this issue to cause Bind to crash, resulting in a denial of service\n(CVE-2017-3135).\n\nOleg Gorokhov discovered that in some situations, Bind did not properly\nhandle DNS64 queries. An attacker could use this to cause a denial\nof service (CVE-2017-3136).\n\nIt was discovered that the resolver in Bind made incorrect\nassumptions about ordering when processing responses containing\na CNAME or DNAME. An attacker could use this cause a denial of\nservice (CVE-2017-3137).\n\nMike Lalumiere discovered that in some situations, Bind did\nnot properly handle invalid operations requested via its control\nchannel. An attacker with access to the control channel could cause\na denial of service (CVE-2017-3138).\n\nClément Berthaux discovered that Bind did not correctly check TSIG\nauthentication for zone transfer requests. An attacker could use this\nto improperly transfer entire zones (CVE-2017-3142).\n\nClément Berthaux discovered that Bind did not correctly check TSIG\nauthentication for zone update requests. An attacker could use this\nto improperly perform zone updates (CVE-2017-3143).\n","modified":"2026-04-16T06:24:27.416486315Z","published":"2017-12-31T12:00:06Z","upstream":["CVE-2016-9131","CVE-2016-9147","CVE-2016-9444","CVE-2016-9778","CVE-2017-3135","CVE-2017-3136","CVE-2017-3137","CVE-2017-3138","CVE-2017-3142","CVE-2017-3143"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0478.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20107"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01439"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01440"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01441"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01442"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01453"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01465"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01466"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01471"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01503"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01504"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01447"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01455"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01484"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01508"},{"type":"WEB","url":"https://ftp.isc.org/isc/bind9/9.10.5-P3/RELEASE-NOTES-bind-9.10.5-P3.html"},{"type":"WEB","url":"https://usn.ubuntu.com/usn/usn-3172-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/usn/usn-3201-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/usn/usn-3259-1/"}],"affected":[{"package":{"name":"bind","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/bind?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.10.5.P3-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0478.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}