[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1697-1] bind9 security updat



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bind9
Version        : 1:9.9.5.dfsg-9+deb8u17
CVE ID         : CVE-2018-5745 CVE-2019-6465


Two issues have been found in bind9, the Internet Domain Name Server.

CVE-2019-6465
    Zone transfer for DLZs are executed though not permitted by ACLs.

CVE-2018-5745
    Avoid assertion and thus causing named to deliberately exit when a
    trust anchor's key is replaced with a key which uses an unsupported
    algorithm.


For Debian 8 "Jessie", these problems have been fixed in version
1:9.9.5.dfsg-9+deb8u17.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlx4TodfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeSWhAAiB7MEpxu/nqcKlF5+Ho/t+bnvkNaQnLyiamw4Gsl/gc9DwYQHs8rhdxQ
qupT/JOdmnWv7VzIEaSZ13j6jUYgHSJs5bFJ4JMpPnh6Ag4eQMyF3spbsMDDYO6r
IYeO+4qQzjhDZ22f3jo3iAOr5AN4h9MXx3mfYdJsWvoQw4S4jzGzbQwFy/3pqR8i
9GHimgOc9G4lnUFesCXzcQSroLslWEEIDQPFoyt7RBUD2Yc6pNnGsGZOpiPW/257
B8TgFEAtTaHvP+dPZ9R91EzqLR12rnrPu2A1vbzbZ2PhiBnQC1h5mOxV24whs51y
yr98TBdlb8BhMMErcPSbvHOV9d+3y3pt36UJx9B8iikCCm5LCodD8XBo82Psf9qj
ESccsvhXzDFA/zstOSkddgymNF8mi02BfEGmvWeBw/xNk72UREeuUwD6b3uzmIwj
XKQXGTQ0ej48WgluxxnoIGDlTNkAQ0ySI3Nx88EaIFC1fOQZPvwStw3NOO77wGBi
JuWXO7SLabEDSBdlQdF2n9TwnQuF9bwOz83HvczF0tvcV2GtDE38N74a0KWMvYsS
8qVBvFnWLhM+d2/Zs7G96M3wbw1Hv06yaewvruoiEKkPqTqJPtu9Xj2eDqoYyEwX
ZbJE0aw7VKc9Nz6zBsP56W0nH63p72ozf3k55pyKwkQUXmXzIMc=
=Qq9W
-----END PGP SIGNATURE-----


Reply to: