[3.5] bind: Multiple vulnerabilities (CVE-2017-3142, CVE-2017-3143)
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers
Affected versions:
9.4.09.8.8,
9.9.0>9.9.10-P1, 9.10.09.10.5-P1, 9.11.0>9.11.1-P1
Fixed in:
BIND 9 version 9.11.1-P2
Reference:
https://kb.isc.org/article/AA-01504
CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates
Affected versions:
9.4.09.8.8,
9.9.0>9.9.10-P1, 9.10.09.10.5-P1, 9.11.0>9.11.1-P1
Fixed in:
BIND 9 version 9.11.1-P2
Reference:
(from redmine: issue id 7498, created on 2017-07-11, closed on 2017-08-07)
- Relations:
- parent #7496 (closed)
- Changesets:
- Revision e049b1d3 by Francesco Colista on 2017-08-07T14:21:37Z:
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7498