[Secure-testing-commits] r51621 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun May 14 17:28:28 UTC 2017
Author: carnil
Date: 2017-05-14 17:28:28 +0000 (Sun, 14 May 2017)
New Revision: 51621
Modified:
data/CVE/list
Log:
Add notes for CVE-2017-3138/bind9
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-14 17:24:49 UTC (rev 51620)
+++ data/CVE/list 2017-05-14 17:28:28 UTC (rev 51621)
@@ -16719,6 +16719,11 @@
- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
NOTE: https://kb.isc.org/article/AA-01471
NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
+ NOTE: In practice for any Debian version applying this commit is merely
+ NOTE: hardening, since the feature to allow only a subset of "read only"
+ NOTE: commands was added only in 9.11.0 and before existing commands permitted
+ NOTE: over the control channel were already be given to cause the server to stop.
+ NOTE: The CVE-2017-3138 is barely an issue in practice anyway.
CVE-2017-3137 [A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME]
RESERVED
- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
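Review bot: The third and fourth added NOTE lines are ungrammatical ("and before existing commands permitted over the control channel were already be given to cause the server to stop"), which makes the rationale for treating the fix as hardening hard to parse. Consider rewording along the lines of "commands was added only in 9.11.0; before that, commands permitted over the control channel could already be used to cause the server to stop". The statement that the read-only subset arrived in 9.11.0 carries no reference of its own, so a NOTE pointing at the source for it would help anyone re-triaging this entry later. The final line ("barely an issue in practice anyway") repeats the conclusion without saying which suites it applies to; the first added line says "any Debian version", so the last line could be dropped or folded into it.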