{"id":"USN-3346-2","summary":"bind9 regression","details":"USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142\nintroduced a regression in the ability to receive an AXFR or IXFR in the\ncase where TSIG is used and not every message is signed. This update fixes\nthe problem.\n\nIn addition, this update adds the new root zone key signing key (KSK).\n\nOriginal advisory details:\n\n Clément Berthaux discovered that Bind did not correctly check TSIG\n authentication for zone update requests. An attacker could use this\n to improperly perform zone updates. (CVE-2017-3143)\n \n Clément Berthaux discovered that Bind did not correctly check TSIG\n authentication for zone transfer requests. An attacker could use this\n to improperly transfer entire zones. (CVE-2017-3142)\n","modified":"2026-02-10T04:41:09Z","published":"2017-09-18T17:15:08Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3346-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1717981"}],"affected":[{"package":{"name":"bind9","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/bind9@1:9.9.5.dfsg-3ubuntu0.16?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.9.5.dfsg-3ubuntu0.16"}]}],"versions":["1:9.9.3.dfsg.P2-4ubuntu1","1:9.9.3.dfsg.P2-4ubuntu2","1:9.9.3.dfsg.P2-4ubuntu3","1:9.9.5.dfsg-2","1:9.9.5.dfsg-3","1:9.9.5.dfsg-3ubuntu0.1","1:9.9.5.dfsg-3ubuntu0.2","1:9.9.5.dfsg-3ubuntu0.3","1:9.9.5.dfsg-3ubuntu0.4","1:9.9.5.dfsg-3ubuntu0.5","1:9.9.5.dfsg-3ubuntu0.6","1:9.9.5.dfsg-3ubuntu0.7","1:9.9.5.dfsg-3ubuntu0.8","1:9.9.5.dfsg-3ubuntu0.9","1:9.9.5.dfsg-3ubuntu0.10","1:9.9.5.dfsg-3ubuntu0.11","1:9.9.5.dfsg-3ubuntu0.12","1:9.9.5.dfsg-3ubuntu0.13","1:9.9.5.dfsg-3ubuntu0.14","1:9.9.5.dfsg-3ubuntu0.15"],"ecosystem_specific":{"binaries":[{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"bind9"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"bind9-host"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"bind9utils"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"dnsutils"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"host"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"libbind-dev"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"libbind9-90"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"libdns100"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"libisc95"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"libisccc90"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"libisccfg90"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"liblwres90"},{"binary_version":"1:9.9.5.dfsg-3ubuntu0.16","binary_name":"lwresd"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3346-2.json"}},{"package":{"name":"bind9","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/bind9@1:9.10.3.dfsg.P4-8ubuntu1.8?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.10.3.dfsg.P4-8ubuntu1.8"}]}],"versions":["1:9.9.5.dfsg-11ubuntu1","1:9.9.5.dfsg-12","1:9.9.5.dfsg-12.1","1:9.9.5.dfsg-12.1ubuntu1","1:9.10.3.dfsg.P2-4","1:9.10.3.dfsg.P2-5","1:9.10.3.dfsg.P4-3","1:9.10.3.dfsg.P4-4","1:9.10.3.dfsg.P4-5","1:9.10.3.dfsg.P4-8","1:9.10.3.dfsg.P4-8ubuntu1","1:9.10.3.dfsg.P4-8ubuntu1.1","1:9.10.3.dfsg.P4-8ubuntu1.2","1:9.10.3.dfsg.P4-8ubuntu1.3","1:9.10.3.dfsg.P4-8ubuntu1.4","1:9.10.3.dfsg.P4-8ubuntu1.5","1:9.10.3.dfsg.P4-8ubuntu1.6","1:9.10.3.dfsg.P4-8ubuntu1.7"],"ecosystem_specific":{"binaries":[{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"bind9"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"bind9-host"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"bind9utils"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"dnsutils"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"host"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libbind-dev"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libbind-export-dev"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libbind9-140"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libdns-export162"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libdns162"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libirs-export141"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libirs141"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libisc-export160"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libisc160"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libisccc-export140"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libisccc140"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libisccfg-export140"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"libisccfg140"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"liblwres141"},{"binary_version":"1:9.10.3.dfsg.P4-8ubuntu1.8","binary_name":"lwresd"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3346-2.json"}}],"schema_version":"1.7.3"}