Security update for bind
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:1736-1
Final
1
1
2017-06-29T20:21:17Z
current
2017-06-29T20:21:17Z
2017-06-29T20:21:17Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for bind
This update for bind fixes the following issues:
- An attacker with the ability to send and receive messages to an authoritative
DNS server was able to circumvent TSIG authentication of AXFR requests. A
server that relied solely on TSIG keys for protection could be manipulated
into (1) providing an AXFR of a zone to an unauthorized recipient and (2)
accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
- An attacker with the ability to send and receive messages to an
authoritative DNS server and who had knowledge of a valid TSIG key name for
the zone and service being targeted was able to manipulate BIND into
accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-OpenStack-Cloud-6-2017-1080,SUSE-SLE-DESKTOP-12-SP2-2017-1080,SUSE-SLE-RPI-12-SP2-2017-1080,SUSE-SLE-SAP-12-SP1-2017-1080,SUSE-SLE-SDK-12-SP2-2017-1080,SUSE-SLE-SERVER-12-SP1-2017-1080,SUSE-SLE-SERVER-12-SP2-2017-1080
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20171736-1/
Link for SUSE-SU-2017:1736-1
https://lists.suse.com/pipermail/sle-security-updates/2017-June/002997.html
E-Mail link for SUSE-SU-2017:1736-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1046554
SUSE Bug 1046554
https://bugzilla.suse.com/1046555
SUSE Bug 1046555
https://www.suse.com/security/cve/CVE-2017-3142/
SUSE CVE CVE-2017-3142 page
https://www.suse.com/security/cve/CVE-2017-3143/
SUSE CVE CVE-2017-3143 page
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE OpenStack Cloud 6
bind-9.9.9P1-62.1
bind-chrootenv-9.9.9P1-62.1
bind-devel-9.9.9P1-62.1
bind-doc-9.9.9P1-62.1
bind-libs-9.9.9P1-62.1
bind-libs-32bit-9.9.9P1-62.1
bind-utils-9.9.9P1-62.1
bind-libs-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
bind-libs-32bit-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
bind-utils-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
bind-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-chrootenv-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-devel-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-doc-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-libs-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-libs-32bit-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-utils-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
bind-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP2
bind-chrootenv-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP2
bind-doc-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP2
bind-libs-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP2
bind-libs-32bit-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP2
bind-utils-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server 12 SP2
bind-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-chrootenv-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-doc-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-libs-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-utils-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bind-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-chrootenv-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-devel-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-doc-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-libs-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-libs-32bit-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-utils-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
bind-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
bind-chrootenv-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
bind-doc-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
bind-libs-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
bind-libs-32bit-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
bind-utils-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
bind-devel-9.9.9P1-62.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
bind-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
bind-chrootenv-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
bind-devel-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
bind-doc-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
bind-libs-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
bind-libs-32bit-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
bind-utils-9.9.9P1-62.1 as a component of SUSE OpenStack Cloud 6
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVE-2017-3142
SUSE Linux Enterprise Desktop 12 SP2:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Desktop 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Desktop 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-devel-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-devel-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Software Development Kit 12 SP2:bind-devel-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-chrootenv-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-devel-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-doc-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-libs-32bit-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-libs-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-utils-9.9.9P1-62.1
important
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20171736-1/
https://www.suse.com/security/cve/CVE-2017-3142.html
CVE-2017-3142
https://bugzilla.suse.com/1024130
SUSE Bug 1024130
https://bugzilla.suse.com/1046554
SUSE Bug 1046554
https://bugzilla.suse.com/1046555
SUSE Bug 1046555
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVE-2017-3143
SUSE Linux Enterprise Desktop 12 SP2:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Desktop 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Desktop 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-devel-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-devel-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-chrootenv-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-doc-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-32bit-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-9.9.9P1-62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-utils-9.9.9P1-62.1
SUSE Linux Enterprise Software Development Kit 12 SP2:bind-devel-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-chrootenv-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-devel-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-doc-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-libs-32bit-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-libs-9.9.9P1-62.1
SUSE OpenStack Cloud 6:bind-utils-9.9.9P1-62.1
important
7.1
AV:N/AC:M/Au:N/C:N/I:C/A:N
To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20171736-1/
https://www.suse.com/security/cve/CVE-2017-3143.html
CVE-2017-3143
https://bugzilla.suse.com/1024130
SUSE Bug 1024130
https://bugzilla.suse.com/1046554
SUSE Bug 1046554
https://bugzilla.suse.com/1046555
SUSE Bug 1046555