Overview

File _patchinfo of Package patchinfo.5084

<patchinfo incident="5084">
  <issue id="1046554" tracker="bnc">CVE-2017-3142: bind: An error in TSIG authentication can permit unauthorized zone transfers</issue>
  <issue id="1046555" tracker="bnc">CVE-2017-3143: bind: An error in TSIG authentication can permit unauthorized dynamic updates</issue>
  <issue id="2017-3142" tracker="cve" />
  <issue id="2017-3143" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>psimons</packager>
  <description>This update for bind fixes the following issues:

- An attacker with the ability to send and receive messages to an authoritative
  DNS server was able to circumvent TSIG authentication of AXFR requests. A
  server that relied solely on TSIG keys for protection could be manipulated
  into (1) providing an AXFR of a zone to an unauthorized recipient and (2)
  accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]

- An attacker who with the ability to send and receive messages to an
  authoritative DNS server and who had knowledge of a valid TSIG key name for
  the zone and service being targeted was able to manipulate BIND into
  accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]
</description>
  <summary>Security update for bind</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places