SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(Oracle Issues Fix for Oracle Linux) BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1037854
SecurityTracker URL:  http://securitytracker.com/id/1037854
CVE Reference:   CVE-2017-3135   (Links to External Site)
Date:  Feb 17 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.9.3-S1 - 9.9.9-S7, 9.9.3 - 9.9.9-P5, 9.9.10b1, 9.10.0 - 9.10.4-P5, 9.10.5b1, 9.11.0 - 9.11.0-P2, 9.11.1b1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash in certain cases.

A remote user can trigger a state error in query processing and cause the target service to crash.

Some configurations using both Response Policy Zones (RPZ) and DNS64 to rewrite query responses are affected.

Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2017-0276.html

Vendor URL:  linux.oracle.com/errata/ELSA-2017-0276.html (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Feb 9 2017 BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [El-errata] ELSA-2017-0276 Moderate: Oracle Linux 7 bind security update

Oracle Linux Security Advisory ELSA-2017-0276

http://linux.oracle.com/errata/ELSA-2017-0276.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bind-9.9.4-38.el7_3.2.x86_64.rpm
bind-chroot-9.9.4-38.el7_3.2.x86_64.rpm
bind-devel-9.9.4-38.el7_3.2.i686.rpm
bind-devel-9.9.4-38.el7_3.2.x86_64.rpm
bind-libs-9.9.4-38.el7_3.2.i686.rpm
bind-libs-9.9.4-38.el7_3.2.x86_64.rpm
bind-libs-lite-9.9.4-38.el7_3.2.i686.rpm
bind-libs-lite-9.9.4-38.el7_3.2.x86_64.rpm
bind-license-9.9.4-38.el7_3.2.noarch.rpm
bind-lite-devel-9.9.4-38.el7_3.2.i686.rpm
bind-lite-devel-9.9.4-38.el7_3.2.x86_64.rpm
bind-pkcs11-9.9.4-38.el7_3.2.x86_64.rpm
bind-pkcs11-devel-9.9.4-38.el7_3.2.i686.rpm
bind-pkcs11-devel-9.9.4-38.el7_3.2.x86_64.rpm
bind-pkcs11-libs-9.9.4-38.el7_3.2.i686.rpm
bind-pkcs11-libs-9.9.4-38.el7_3.2.x86_64.rpm
bind-pkcs11-utils-9.9.4-38.el7_3.2.x86_64.rpm
bind-sdb-9.9.4-38.el7_3.2.x86_64.rpm
bind-sdb-chroot-9.9.4-38.el7_3.2.x86_64.rpm
bind-utils-9.9.4-38.el7_3.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/bind-9.9.4-38.el7_3.2.src.rpm



Description of changes:

[32:9.9.4-38.2]
- Fix CVE-2017-3135 (ISC change 4557)
- Fix and test caching CNAME before DNAME (ISC change 4558)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC