Debian Security Advisory

DLA-1025-2 bind9 -- LTS security update

Date Reported:
25 Jul 2017
Affected Packages:
bind9
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

The security update announced as DLA-1025-1 in bind9 introduced a regression.

The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This is conform to the spec and may be used in AXFR and IXFR response.

For Debian 7 Wheezy, these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u18.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS