DebianDEBIAN:DLA-645-1:784F3[SECURITY] [DLA 645-1] bind9 security update
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.972 High
EPSS
Percentile
99.8%
Package : bind9
Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u11
CVE ID : CVE-2016-2775 CVE-2016-2776
Debian Bug : 831796 839010
CVE-2016-2775
lwresd crash with long query name
Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.
CVE-2016-2776
assertion failure due to unspecified crafted query
Fix based on 43139-9-9.patch from ISC.
For Debian 7 "Wheezy", these problems have been fixed in version
1:9.8.4.dfsg.P1-6+nmu2+deb7u11.
We recommend that you upgrade your bind9 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | armhf | libbind-dev | < 1:9.8.4.dfsg.P1-6+nmu2+deb7u11 | libbind-dev_1:9.8.4.dfsg.P1-6+nmu2+deb7u11_armhf.deb |
| Debian | 8 | amd64 | libisccc90 | < 1:9.9.5.dfsg-9+deb8u7 | libisccc90_1:9.9.5.dfsg-9+deb8u7_amd64.deb |
| Debian | 8 | armel | libdns-export100-udeb | < 1:9.9.5.dfsg-9+deb8u7 | libdns-export100-udeb_1:9.9.5.dfsg-9+deb8u7_armel.deb |
| Debian | 8 | amd64 | libbind-dev | < 1:9.9.5.dfsg-9+deb8u7 | libbind-dev_1:9.9.5.dfsg-9+deb8u7_amd64.deb |
| Debian | 8 | amd64 | libirs-export91 | < 1:9.9.5.dfsg-9+deb8u7 | libirs-export91_1:9.9.5.dfsg-9+deb8u7_amd64.deb |
| Debian | 8 | kfreebsd-amd64 | bind9-host | < 1:9.9.5.dfsg-9+deb8u7 | bind9-host_1:9.9.5.dfsg-9+deb8u7_kfreebsd-amd64.deb |
| Debian | 8 | ppc64el | dnsutils | < 1:9.9.5.dfsg-9+deb8u7 | dnsutils_1:9.9.5.dfsg-9+deb8u7_ppc64el.deb |
| Debian | 8 | s390x | libisc95 | < 1:9.9.5.dfsg-9+deb8u7 | libisc95_1:9.9.5.dfsg-9+deb8u7_s390x.deb |
| Debian | 8 | armhf | lwresd | < 1:9.9.5.dfsg-9+deb8u7 | lwresd_1:9.9.5.dfsg-9+deb8u7_armhf.deb |
| Debian | 7 | amd64 | libisc84 | < 1:9.8.4.dfsg.P1-6+nmu2+deb7u11 | libisc84_1:9.8.4.dfsg.P1-6+nmu2+deb7u11_amd64.deb |
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.972 High
EPSS
Percentile
99.8%