[SECURITY] [DLA 1025-1] bind9 security update

[Thorsten Alteholz <debian@alteholz.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bind9
Version        : 1:9.8.4.dfsg.P1-6+nmu2+deb7u17
CVE ID         : CVE-2017-3142 CVE-2017-3143


CVE-2017-3142

    An attacker who is able to send and receive messages to an authoritative
    DNS server and who has knowledge of a valid TSIG key name may be able to
    circumvent TSIG authentication of AXFR requests via a carefully constructed
    request packet. A server that relies solely on TSIG keys for protection
    with no other ACL protection could be manipulated into:
    - providing an AXFR of a zone to an unauthorized recipient
    - accepting bogus NOTIFY packets

CVE-2017-3143

    An attacker who is able to send and receive messages to an authoritative
    DNS server and who has knowledge of a valid TSIG key name for the zone and
    service being targeted may be able to manipulate BIND into accepting an
    unauthorized dynamic update.


For Debian 7 "Wheezy", these problems have been fixed in version
1:9.8.4.dfsg.P1-6+nmu2+deb7u17.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ7BAEBCgBmBQJZZ9arXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHzqkP+MFU8QL8MwMUK3zTpZhfWoRg
faP+dRJkB9rL3SSaDF8FsM2rqHUXg+OrfpWZ+e8fz92ouYIyvEQzOGHPXah6/Ncn
zA11q8xTaxBblKhYqs8BWDVmf9p17qAifr8bAFdjBUz3MjYvdoYepQ9Bo2etO7Tl
x5MNKssEBRzj3w0QVnXnWv2NHw4Ve0uVz33FeSZnXskRIKigsIbofLrpObh+OmCe
+HyuXGLq8t6heUKdfbBQ5YAj7aIJ72VAcxXpyN1ZCZQiu2BJYxOkqKBuhzd+pQ4z
Uo9EYuuSCQrV7/KJxBXIoWGeWtBHQFEgMLlG0+z8XXNY85CB1r05FBImr45VVsjb
ErGO0YxbBwHlhBpf69/k5or6Xl4OryS4uvS3P9IfYO77q2MqkqsZXw1HetkfuwhL
Hq/vM/kk3Pv2bmX5J9xncFRSiib8Z6EQ6a4hWVcJ7Zmwu/85AMibNKY7YIK9p13A
sJIRpZrnGct20v1P8bmORi0WD7H+6Hc2V15TlGGeS4xufiEEujpe1jCwwcnI+whl
EBYZvjPLX56jSVaazv31PgCNUGVQbkaabyVtintA/2zioMD9lRpO5ILk+ZdI6sYR
azBXI198cd1clSGzcGkKsXPUWODfC6rl5datG7ixGTBgx3FB2Is5ckmpoYvRf843
LBNJbmD/on+Sz/Bllbw=
=5QMW
-----END PGP SIGNATURE-----