Just released, including security updates: 9.0.4-20170709
Updates in 1 source package(s), 4 binary package(s):
Source bind9, binaries: libdns-export162:amd64 libisc-export160:amd64
libdns-export162:arm64 libisc-export160:arm64
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* debian/patches:
- debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
transfers. An attacker may be able to circumvent TSIG authentication of
AXFR and Notify requests.
CVE-2017-3143: error in TSIG authentication can permit unauthorized
dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
signature for a dynamic update.
-- Steve McIntyre <[email protected]> Mon, 10 Jul 2017 01:34:12 +0100
--
Steve McIntyre, Cambridge, UK. [email protected]
You raise the blade, you make the change... You re-arrange me 'til I'm sane...
signature.asc
Description: PGP signature
