Security update for bind SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1809-1 Final 1 1 2017-07-06T16:16:04Z current 2017-07-06T16:16:04Z 2017-07-06T16:16:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00007.html E-Mail link for openSUSE-SU-2017:1809-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 bind-9.9.9P1-48.6.1 bind-chrootenv-9.9.9P1-48.6.1 bind-devel-9.9.9P1-48.6.1 bind-doc-9.9.9P1-48.6.1 bind-libs-9.9.9P1-48.6.1 bind-libs-32bit-9.9.9P1-48.6.1 bind-lwresd-9.9.9P1-48.6.1 bind-utils-9.9.9P1-48.6.1 bind-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-chrootenv-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-devel-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-doc-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-libs-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-libs-32bit-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-lwresd-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 bind-utils-9.9.9P1-48.6.1 as a component of openSUSE Leap 42.2 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. CVE-2017-3142 openSUSE Leap 42.2:bind-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-chrootenv-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-devel-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-doc-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-libs-32bit-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-libs-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-lwresd-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-utils-9.9.9P1-48.6.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00007.html https://www.suse.com/security/cve/CVE-2017-3142.html CVE-2017-3142 https://bugzilla.suse.com/1024130 SUSE Bug 1024130 https://bugzilla.suse.com/1046554 SUSE Bug 1046554 https://bugzilla.suse.com/1046555 SUSE Bug 1046555 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. CVE-2017-3143 openSUSE Leap 42.2:bind-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-chrootenv-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-devel-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-doc-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-libs-32bit-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-libs-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-lwresd-9.9.9P1-48.6.1 openSUSE Leap 42.2:bind-utils-9.9.9P1-48.6.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00007.html https://www.suse.com/security/cve/CVE-2017-3143.html CVE-2017-3143 https://bugzilla.suse.com/1024130 SUSE Bug 1024130 https://bugzilla.suse.com/1046554 SUSE Bug 1046554 https://bugzilla.suse.com/1046555 SUSE Bug 1046555