| Revision Date: | 2017-06-29 | Version: | 1 |
| Title: | Security update for bind (Important) |
| Description: |
This update for bind fixes the following issues:
- An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
- An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1046554
1046555
CVE-2017-3142
CVE-2017-3143
SUSE-SU-2017:1736-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information
bind-libs-9.9.9P1-62.1 is installed
OR bind-libs-32bit-9.9.9P1-62.1 is installed
OR bind-utils-9.9.9P1-62.1 is installed
|