[SECURITY] [DLA 805-1] bind9 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 805-1] bind9 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 29 Jan 2017 12:36:52 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1701291235460.24397@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bind9
Version        : 1:9.8.4.dfsg.P1-6+nmu2+deb7u14
CVE ID         : CVE-2016-9131 CVE-2016-9147 CVE-2016-9444

Several denial-of-service vulnerabilities (assertion failures) were
discovered in BIND, a DNS server implementation.

CVE-2016-9131

    A crafted upstream response to an ANY query could cause an
    assertion failure.

CVE-2016-9147

    A crafted upstream response with self-contradicting DNSSEC data
    could cause an assertion failure.

CVE-2016-9444

    Specially-crafted upstream responses with a DS record could cause
    an assertion failure.

These vulnerabilities predominantly affect DNS servers providing
recursive service.  Client queries to authoritative-only servers
cannot trigger these assertion failures.  These vulnerabilities are
present whether or not DNSSEC validation is enabled in the server
configuration.

For Debian 7 "Wheezy", these problems have been fixed in version
1:9.8.4.dfsg.P1-6+nmu2+deb7u14.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJYjdPUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHEysP/j4P/8jdsTImdibIgb3aljbF
mMhzWnUX8OlgkDCXanHfPH15dJz1KP6c6697Y8Ub/njNBH3BL77dIXwey1RNJhK6
ROH2j3QbS9X7Icc64DrdgIf7x5nFB+M9WvawFYcXxq/eniZ+LuIfMW88Ex1BxKB/
2d5PJ0Vmk4Hx7mKz8XmWEfZz/8Jkn46b8nRR1ftDd10vQkLAucWDRwTSANqvo0xU
NXG875o1RhETVP6X9u3+VY0Ke9grCRRhZRiGy3/cSaloCf2rD4f4GFw4NWBt5/dv
l+BlsM2bVUIL/K8ISI2FLz135/e39IfuGnwtu7RQZYA8P8rcgN+hqeoEUpHntUv1
jXH1DRC0fkI7aVqY+PCUEpWn6jAL0vOfaWAt4oOnq+eoIggbZVQJr47WVjxHM32V
HwWg2Me2463Mj1FWM66q16C7V1vlVrXaaSpCY1dYDFqvsi9YkCryee9MQ0XSJOAp
o+a4lR7g9w66yiSQ+kS+HpQWuNt+dFdVe6uh8+RrTqpwA/zWXlrWCJrUHxkv1Pyc
QiAbx/fzs+Tqgd21O7xxtXTcp6p2jS/RA3gSKeArilVMDH/94LvUEOaaafn+Svz/
v5j4kwAbEBrSTw0JF+SraRJInm0vL4iU0AHVpKth2AxKvxRcyznu48qHSC7uXaUt
qFETgjSZ3C47RbnX8poB
=teep
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 804-1] libgd2 security update
Next by Date: [SECURITY] [DLA 806-1] zoneminder security update
Previous by thread: [SECURITY] [DLA 804-1] libgd2 security update
Next by thread: [SECURITY] [DLA 806-1] zoneminder security update
Index(es):
- Date
- Thread