[3.6] bind: Multiple vulnerabilities (CVE-2017-3142, CVE-2017-3143)
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers
Affected versions:
9.4.09.8.8,
9.9.0>9.9.10-P1, 9.10.09.10.5-P1, 9.11.0>9.11.1-P1
Fixed in:
BIND 9 version 9.11.1-P2
Reference:
https://kb.isc.org/article/AA-01504
CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates
Affected versions:
9.4.09.8.8,
9.9.0>9.9.10-P1, 9.10.09.10.5-P1, 9.11.0>9.11.1-P1
Fixed in:
BIND 9 version 9.11.1-P2
Reference:
(from redmine: issue id 7497, created on 2017-07-11, closed on 2017-08-07)
- Relations:
- parent #7496 (closed)
- Changesets:
- Revision 4105cc0c by Francesco Colista on 2017-08-07T14:28:48Z:
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497
- Revision 000448bf by Francesco Colista on 2017-08-07T14:39:01Z:
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497