aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:55:44Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7145[3.2] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-...2019-07-23T11:55:44ZAlicha CH[3.2] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------...CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1<s><span
style="text-align:right;">9.9.10rc1, 9.10.0</span></s>>
**9.10.4-P6**, 9.10.5b1<s><span style="text-align:right;">9.10.5rc1,
9.11.0</span></s>>9.11.0-P3, 9.11.1b1<s><span
style="text-align:right;">9.11.1rc1, 9.9.3-S1</span></s>>9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1<s><span style="text-align:right;">9.9.10rc1,
**9.10.4-P6**, 9.10.5b1</span></s>>9.10.5rc1, 9.11.0-P3,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9<s><span style="text-align:right;">9.9.9-P7,
9.9.10b1</span></s>>9.9.10rc2, 9.10.4<s><span
style="text-align:right;">9.10.4-P7, 9.10.5b1</span></s>>9.10.5rc2,
9.11.0<s><span style="text-align:right;">9.11.0-P4,
9.11.1b1</span></s>>9.11.1rc2, 9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7145, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* parent #7140
* Changesets:
* Revision e1c82f92f256c814e32451da7b302a8d83f94800 on 2017-04-25T12:56:08Z:
```
main/bind: security upgrade to 9.10.4-P8 - fixes #7145
CVE-2017-3136
CVE-2017-3137
CVE-2017-3138
```3.2.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7144[3.3] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-...2019-07-23T11:55:46ZAlicha CH[3.3] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------...CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1<s><span
style="text-align:right;">9.9.10rc1, 9.10.0</span></s>>
**9.10.4-P6**, 9.10.5b1<s><span style="text-align:right;">9.10.5rc1,
9.11.0</span></s>>9.11.0-P3, 9.11.1b1<s><span
style="text-align:right;">9.11.1rc1, 9.9.3-S1</span></s>>9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1<s><span style="text-align:right;">9.9.10rc1,
**9.10.4-P6**, 9.10.5b1</span></s>>9.10.5rc1, 9.11.0-P3,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9<s><span style="text-align:right;">9.9.9-P7,
9.9.10b1</span></s>>9.9.10rc2, 9.10.4<s><span
style="text-align:right;">9.10.4-P7, 9.10.5b1</span></s>>9.10.5rc2,
9.11.0<s><span style="text-align:right;">9.11.0-P4,
9.11.1b1</span></s>>9.11.1rc2, 9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7144, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* parent #7140
* Changesets:
* Revision 2542b4ba677184fdcb83fc2fdf9dcf5c2dd6fbb8 on 2017-04-25T12:54:22Z:
```
main/bind: security upgrade to bind-9.10.4-P8 - fixes #7144
CVE-2017-3136
CVE-2017-3137
CVE-2017-3138
```3.3.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7143[3.4] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-...2019-07-23T11:55:47ZAlicha CH[3.4] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------...CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1<s><span
style="text-align:right;">9.9.10rc1, 9.10.0</span></s>>
**9.10.4-P6**, 9.10.5b1<s><span style="text-align:right;">9.10.5rc1,
9.11.0</span></s>>9.11.0-P3, 9.11.1b1<s><span
style="text-align:right;">9.11.1rc1, 9.9.3-S1</span></s>>9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1<s><span style="text-align:right;">9.9.10rc1,
**9.10.4-P6**, 9.10.5b1</span></s>>9.10.5rc1, 9.11.0-P3,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9<s><span style="text-align:right;">9.9.9-P7,
9.9.10b1</span></s>>9.9.10rc2, 9.10.4<s><span
style="text-align:right;">9.10.4-P7, 9.10.5b1</span></s>>9.10.5rc2,
9.11.0<s><span style="text-align:right;">9.11.0-P4,
9.11.1b1</span></s>>9.11.1rc2, 9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7143, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* parent #7140
* Changesets:
* Revision 4a14304f062446ffbb8809d8e629c1b939311f65 on 2017-04-25T12:47:59Z:
```
main/bind: security upgrade to 9.10.4-P8 - fixes #7143
CVE-2017-3136, CVE-2017-3137, CVE-2017-3138
```3.4.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7142[3.5] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-...2019-07-23T11:55:48ZAlicha CH[3.5] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------...CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1<s><span
style="text-align:right;">9.9.10rc1, 9.10.0</span></s>>
**9.10.4-P6**, 9.10.5b1<s><span style="text-align:right;">9.10.5rc1,
9.11.0</span></s>>9.11.0-P3, 9.11.1b1<s><span
style="text-align:right;">9.11.1rc1, 9.9.3-S1</span></s>>9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1<s><span style="text-align:right;">9.9.10rc1,
**9.10.4-P6**, 9.10.5b1</span></s>>9.10.5rc1, 9.11.0-P3,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9<s><span style="text-align:right;">9.9.9-P7,
9.9.10b1</span></s>>9.9.10rc2, 9.10.4<s><span
style="text-align:right;">9.10.4-P7, 9.10.5b1</span></s>>9.10.5rc2,
9.11.0<s><span style="text-align:right;">9.11.0-P4,
9.11.1b1</span></s>>9.11.1rc2, 9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
**BIND 9 version 9.10.4-P8**
BIND 9 version 9.11.0-P5
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7142, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* parent #71403.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7141[3.6] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-...2019-07-23T11:55:49ZAlicha CH[3.6] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------...CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1<s><span
style="text-align:right;">9.9.10rc1, 9.10.0</span></s>>9.10.4-P6,
9.10.5b1<s><span style="text-align:right;">9.10.5rc1,
9.11.0</span></s>>**9.11.0-P3**, 9.11.1b1<s><span
style="text-align:right;">9.11.1rc1, 9.9.3-S1</span></s>>9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
BIND 9 version 9.10.4-P8
**BIND 9 version 9.11.0-P5**
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1<s><span style="text-align:right;">9.9.10rc1,
9.10.4-P6, 9.10.5b1</span></s>>9.10.5rc1, **9.11.0-P3**,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
BIND 9 version 9.10.4-P8
**BIND 9 version 9.11.0-P5**
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9<s><span style="text-align:right;">9.9.9-P7,
9.9.10b1</span></s>>9.9.10rc2, 9.10.4<s><span
style="text-align:right;">9.10.4-P7, 9.10.5b1</span></s>>9.10.5rc2,
9.11.0<s><span style="text-align:right;">9.11.0-P4,
9.11.1b1</span></s>>9.11.1rc2, 9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
BIND 9 version 9.10.4-P8
**BIND 9 version 9.11.0-P5**
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7141, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* parent #7140
* Changesets:
* Revision d3fda9ff848e86bb921ae7951f64dcaf69487af1 by Sergei Lukin on 2017-04-14T14:12:39Z:
```
main/bind: security upgrade to 9.11.0_p5 - fixes #7141
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
```3.6.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7140bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)2019-07-23T11:55:50ZAlicha CHbind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------...CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1<s><span
style="text-align:right;">9.9.10rc1, 9.10.0</span></s>>
**9.10.4-P6**, 9.10.5b1<s><span style="text-align:right;">9.10.5rc1,
9.11.0</span></s>>**9.11.0-P3**, 9.11.1b1<s><span
style="text-align:right;">9.11.1rc1, 9.9.3-S1</span></s>>9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
\*BIND 9 version 9.10.4-P8
BIND 9 version 9.11.0-P5\*
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1<s><span style="text-align:right;">9.9.10rc1,
**9.10.4-P6**, 9.10.5b1</span></s>>9.10.5rc1, **9.11.0-P3**,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
\*BIND 9 version 9.10.4-P8
BIND 9 version 9.11.0-P5\*
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9<s><span style="text-align:right;">9.9.9-P7,
9.9.10b1</span></s>>9.9.10rc2, 9.10.4<s><span
style="text-align:right;">9.10.4-P7, 9.10.5b1</span></s>>9.10.5rc2,
9.11.0<s><span style="text-align:right;">9.11.0-P4,
9.11.1b1</span></s>>9.11.1rc2, 9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
\*BIND 9 version 9.10.4-P8
BIND 9 version 9.11.0-P5\*
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7140, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* child #7141
* child #7142
* child #7143
* child #7144
* child #7145Natanael CopaNatanael Copa