Lucene search
SuseOPENSUSE-SU-2017:1809-1HistoryJul 07, 2017 - 12:14 a.m.
Security update for bind (important)
2017-07-0700:14:32
lists.opensuse.org
50
0.04 Low
EPSS
Percentile
92.1%
This update for bind fixes the following issues:
-
An attacker with the ability to send and receive messages to an
authoritative DNS server was able to circumvent TSIG authentication of
AXFR requests. A server that relied solely on TSIG keys for protection
could be manipulated into (1) providing an AXFR of a zone to an
unauthorized recipient and (2) accepting bogus Notify packets.
[bsc#1046554, CVE-2017-3142] -
An attacker who with the ability to send and receive messages to an
authoritative DNS server and who had knowledge of a valid TSIG key name
for the zone and service being targeted was able to manipulate BIND into
accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]
This update was imported from the SUSE:SLE-12-SP1:Update update project.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 42.2 | i586 | bind-debuginfo | < 9.9.9P1-48.6.1 | bind-debuginfo-9.9.9P1-48.6.1.i586.rpm |
| openSUSE Leap | 42.2 | noarch | bind-doc | < 9.9.9P1-48.6.1 | bind-doc-9.9.9P1-48.6.1.noarch.rpm |
| openSUSE Leap | 42.2 | i586 | bind-devel | < 9.9.9P1-48.6.1 | bind-devel-9.9.9P1-48.6.1.i586.rpm |
| openSUSE Leap | 42.2 | x86_64 | bind-devel | < 9.9.9P1-48.6.1 | bind-devel-9.9.9P1-48.6.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | bind-libs | < 9.9.9P1-48.6.1 | bind-libs-9.9.9P1-48.6.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | bind-utils-debuginfo | < 9.9.9P1-48.6.1 | bind-utils-debuginfo-9.9.9P1-48.6.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | bind-chrootenv | < 9.9.9P1-48.6.1 | bind-chrootenv-9.9.9P1-48.6.1.x86_64.rpm |
| openSUSE Leap | 42.2 | i586 | bind-utils | < 9.9.9P1-48.6.1 | bind-utils-9.9.9P1-48.6.1.i586.rpm |
| openSUSE Leap | 42.2 | i586 | bind-lwresd-debuginfo | < 9.9.9P1-48.6.1 | bind-lwresd-debuginfo-9.9.9P1-48.6.1.i586.rpm |
| openSUSE Leap | 42.2 | x86_64 | bind-lwresd | < 9.9.9P1-48.6.1 | bind-lwresd-9.9.9P1-48.6.1.x86_64.rpm |
Related
suse
suse
Security update for bind (important)
2017-06-30 03:10:13
Security update for bind (important)
2017-06-30 03:10:50
Security update for bind (important)
2017-06-30 03:09:33
nessus
nessus
SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:1736-1)
2017-06-30 00:00:00
SUSE SLES11 Security Update : bind (SUSE-SU-2017:1737-1)
2017-06-30 00:00:00
SUSE SLES12 Security Update : bind (SUSE-SU-2017:1738-1)
2017-06-30 00:00:00
aix
aix
There are vulnerabilities in BIND that impact AIX.
2017-08-23 09:01:23
amazon
amazon
Important: bind
2017-07-20 01:20:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1738-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3346-1)
2017-06-30 00:00:00
RedHat Update for bind RHSA-2017:1679-01
2017-07-14 00:00:00
redhat
redhat
(RHSA-2017:1680) Important: bind security and bug fix update
2017-07-05 05:48:46
(RHSA-2017:1679) Important: bind security and bug fix update
2017-07-05 05:47:45
ubuntu
ubuntu
bind9 vulnerabilities
2017-06-29 00:00:00
Bind vulnerabilities
2017-11-08 00:00:00
Bind regression
2017-09-18 00:00:00
oraclelinux
oraclelinux
bind security and bug fix update
2017-07-05 00:00:00
bind security and bug fix update
2017-07-05 00:00:00
osv
osv
bind9 - security update
2017-07-08 00:00:00
bind9 - security update
2017-07-13 00:00:00
CVE-2017-3142
2019-01-16 20:29:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management
2019-10-18 03:10:29
Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3142 and CVE-2017-3143)
2019-12-18 14:26:38
Security Bulletin: Smart Cloud Entry is affected by ISC BIND vulnerabilities
2020-07-19 00:49:12
fedora
fedora
[SECURITY] Fedora 24 Update: bind99-9.9.10-2.P3.fc24
2017-07-27 19:51:32
[SECURITY] Fedora 24 Update: dhcp-4.3.4-4.fc24
2017-07-27 19:51:32
[SECURITY] Fedora 26 Update: bind-9.11.1-2.P2.fc26
2017-07-07 23:23:27
slackware
slackware
[slackware-security] bind
2017-06-29 21:34:39
cloudfoundry
cloudfoundry
USN-3346-2: Bind regression | Cloud Foundry
2018-05-02 00:00:00
USN-3346-1: bind9 vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
debian
debian
[SECURITY] [DSA 3904-1] bind9 security update
2017-07-08 12:56:02
[SECURITY] [DLA 1025-1] bind9 security update
2017-07-13 20:23:07
[SECURITY] [DSA 3904-2] bind9 regression update
2017-07-23 19:07:02
centos
centos
bind security update
2017-07-05 18:28:39
bind security update
2017-07-05 18:39:59
archlinux
archlinux
[ASA-201707-3] bind: access restriction bypass
2017-07-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package bind version 9.10.5.P3-alt1
2017-07-11 00:00:00
Security fix for the ALT Linux 8 package bind version 9.10.5.P3-alt1
2017-07-11 00:00:00
cve
cve
CVE-2017-3142
2019-01-16 20:29:00
CVE-2017-3143
2019-01-16 20:29:00
redhatcve
redhatcve
CVE-2017-3142
2017-06-30 04:48:39
CVE-2017-3143
2017-06-30 04:48:21
prion
prion
Design/Logic Flaw
2019-01-16 20:29:00
Design/Logic Flaw
2019-01-16 20:29:00
cvelist
cvelist
f5
f5
K59448931 : BIND vulnerability CVE-2017-3142
2017-06-30 00:00:00
K02230327 : BIND vulnerability CVE-2017-3143
2017-06-30 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 09:18:18
Authorization Bypass
2018-05-23 08:00:34
nvd
nvd
CVE-2017-3142
2019-01-16 20:29:00
CVE-2017-3143
2019-01-16 20:29:00
debiancve
debiancve
CVE-2017-3142
2019-01-16 20:29:00
CVE-2017-3143
2019-01-16 20:29:00
ubuntucve
ubuntucve
CVE-2017-3142
2017-06-29 00:00:00
CVE-2017-3143
2017-06-29 00:00:00
alpinelinux
alpinelinux
CVE-2017-3142
2019-01-16 20:29:00
CVE-2017-3143
2019-01-16 20:29:00
checkpoint_advisories
checkpoint_advisories
ISC BIND TSIG Authentication Bypass (CVE-2017-3143)
2017-07-11 00:00:00
mageia
mageia
Updated bind packages fix security vulnerability
2017-12-31 15:00:06