Overview

File _patchinfo of Package patchinfo.6954

<patchinfo incident="6954">
  <packager>psimons</packager>
  <issue tracker="bnc" id="1046554">CVE-2017-3142: bind: An error in TSIG authentication can permit unauthorized zone transfers</issue>
  <issue tracker="bnc" id="1046555">CVE-2017-3143: bind: An error in TSIG authentication can permit unauthorized dynamic updates</issue>
  <issue tracker="cve" id="2017-3142"></issue>
  <issue tracker="cve" id="2017-3143"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

- An attacker with the ability to send and receive messages to an authoritative
  DNS server was able to circumvent TSIG authentication of AXFR requests. A
  server that relied solely on TSIG keys for protection could be manipulated
  into (1) providing an AXFR of a zone to an unauthorized recipient and (2)
  accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]

- An attacker who with the ability to send and receive messages to an
  authoritative DNS server and who had knowledge of a valid TSIG key name for
  the zone and service being targeted was able to manipulate BIND into
  accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

This update was imported from the SUSE:SLE-12-SP1:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places