Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1037853
SecurityTracker URL:  http://securitytracker.com/id/1037853
CVE Reference:   CVE-2017-3135
Date:  Feb 17 2017
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.9.3-S1 - 9.9.9-S7, 9.9.3 - 9.9.9-P5, 9.9.10b1, 9.10.0 - 9.10.4-P5, 9.10.5b1, 9.11.0 - 9.11.0-P2, 9.11.1b1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash in certain cases.

A remote user can trigger a state error in query processing and cause the target service to crash.

Some configurations using both Response Policy Zones (RPZ) and DNS64 to rewrite query responses are affected.

Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   CentOS has issued a fix.

Cause:   State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Feb 9 2017 BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Date:  Wed, 15 Feb 2017 14:49:31 +0000
Subject:  [CentOS-announce] CESA-2017:0276 Moderate CentOS 7 bind Security Update


CentOS Errata and Security Advisory 2017:0276 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0276.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Copyright 2017, SecurityGlobal.net LLC