bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b19.9.10rc1, 9.10.0>
9.10.4-P6, 9.10.5b19.10.5rc1,
9.11.0>9.11.0-P3, 9.11.1b19.11.1rc1, 9.9.3-S1>9.9.9-S8
Fixed in:
BIND 9 version 9.9.9-P8
*BIND 9 version 9.10.4-P8
BIND 9 version 9.11.0-P5*
References:
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
Affected versions:
9.9.9-P6, 9.9.10b19.9.10rc1,
9.10.4-P6, 9.10.5b1>9.10.5rc1, 9.11.0-P3,
9.11.1b1->9.11.1rc1, and 9.9.9-S8
Fixed in:
BIND 9 version 9.9.9-P8
*BIND 9 version 9.10.4-P8
BIND 9 version 9.11.0-P5*
References:
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
Affected versions:
9.9.99.9.9-P7,
9.9.10b1>9.9.10rc2, 9.10.49.10.4-P7, 9.10.5b1>9.10.5rc2,
9.11.09.11.0-P4,
9.11.1b1>9.11.1rc2, 9.9.9-S1->9.9.9-S9
Fixed in:
BIND 9 version 9.9.9-P8
*BIND 9 version 9.10.4-P8
BIND 9 version 9.11.0-P5*
References:
(from redmine: issue id 7140, created on 2017-04-14, closed on 2017-04-25)
- Relations:
- child #7141 (closed)
- child #7142 (closed)
- child #7143 (closed)
- child #7144 (closed)
- child #7145 (closed)