Описание
Security update for bind
This update for bind fixes the following issues:
- Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130)
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
bind-9.9.9P1-28.29.1
bind-chrootenv-9.9.9P1-28.29.1
bind-doc-9.9.9P1-28.29.1
bind-libs-9.9.9P1-28.29.1
bind-libs-32bit-9.9.9P1-28.29.1
bind-utils-9.9.9P1-28.29.1
SUSE Linux Enterprise Server for SAP Applications 12
bind-9.9.9P1-28.29.1
bind-chrootenv-9.9.9P1-28.29.1
bind-doc-9.9.9P1-28.29.1
bind-libs-9.9.9P1-28.29.1
bind-libs-32bit-9.9.9P1-28.29.1
bind-utils-9.9.9P1-28.29.1
Ссылки
- Link for SUSE-SU-2017:0594-1
- E-Mail link for SUSE-SU-2017:0594-1
- SUSE Security Ratings
- SUSE Bug 1024130
- SUSE CVE CVE-2017-3135 page
Описание
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:bind-9.9.9P1-28.29.1
SUSE Linux Enterprise Server 12-LTSS:bind-chrootenv-9.9.9P1-28.29.1
SUSE Linux Enterprise Server 12-LTSS:bind-doc-9.9.9P1-28.29.1
SUSE Linux Enterprise Server 12-LTSS:bind-libs-32bit-9.9.9P1-28.29.1
Ссылки
- CVE-2017-3135
- SUSE Bug 1018700
- SUSE Bug 1018701
- SUSE Bug 1018702
- SUSE Bug 1024130
- SUSE Bug 1033466