USN-3346-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-3346-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3346-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3346-2
Published
2017-09-18T17:15:08.141293Z
Modified
2017-09-18T17:15:08.141293Z
Summary
bind9 regression
Details

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory details:

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143)

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)

References

Affected packages

Ubuntu:14.04:LTS / bind9

Package

Name
bind9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.9.5.dfsg-3ubuntu0.16

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "lwresd": "1:9.9.5.dfsg-3ubuntu0.16",
            "bind9utils": "1:9.9.5.dfsg-3ubuntu0.16",
            "bind9": "1:9.9.5.dfsg-3ubuntu0.16",
            "libbind-dev": "1:9.9.5.dfsg-3ubuntu0.16",
            "host": "1:9.9.5.dfsg-3ubuntu0.16",
            "bind9-doc": "1:9.9.5.dfsg-3ubuntu0.16",
            "liblwres90": "1:9.9.5.dfsg-3ubuntu0.16",
            "libisccfg90": "1:9.9.5.dfsg-3ubuntu0.16",
            "libisccc90": "1:9.9.5.dfsg-3ubuntu0.16",
            "libdns100": "1:9.9.5.dfsg-3ubuntu0.16",
            "libbind9-90": "1:9.9.5.dfsg-3ubuntu0.16",
            "bind9-host": "1:9.9.5.dfsg-3ubuntu0.16",
            "libisc95": "1:9.9.5.dfsg-3ubuntu0.16",
            "dnsutils": "1:9.9.5.dfsg-3ubuntu0.16"
        }
    ]
}

Ubuntu:16.04:LTS / bind9

Package

Name
bind9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.10.3.dfsg.P4-8ubuntu1.8

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libisccc-export140": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "lwresd": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libirs-export141": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libdns-export162-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libdns162": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "bind9utils": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisc-export160-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisc-export160": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libirs-export141-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "bind9": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisc160": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libbind-dev": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "host": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisccfg-export140-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisccfg-export140": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "bind9-doc": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisccc140": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libdns-export162": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisccfg140": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libbind9-140": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libisccc-export140-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libirs141": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "libbind-export-dev": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "bind9-host": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "liblwres141": "1:9.10.3.dfsg.P4-8ubuntu1.8",
            "dnsutils": "1:9.10.3.dfsg.P4-8ubuntu1.8"
        }
    ]
}