-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3795-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert February 26, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2017-3135 Debian Bug : 855520 It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice. This update also corrects an additional regression caused by the fix for CVE-2016-8864, which was applied in a previous security update. For the stable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u10. For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 1:9.10.3.dfsg.P4-12. We recommend that you upgrade your bind9 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAliyQEYACgkQuNayzQLW 9HMZVx/9H5lwU5/miP1j2JDkWToPNQRWa5Tm+UI1X+8APc+k1CsjPj7DESEJ5vKr kZigmrWnuVbla1K+19sL3zYgBeN2PIOQywEyeP4Os33zufAvjSxiwNmxd7lABlF8 cpryWmdStxkFGapgHnjNJkAtRADiRr904Yy4EVMIlowaDxf2xoFScvKGkDfwQb2E /xzGoRVC8gzWGUtAqTPk1PTuN3XoHLBxLP0u+tthkuBA7QI1GxBuu+hKc+NrBDN5 QT9sIF+5aVEnWOhRoCRwpCfeelBG0LDB0VZrVl6Wbp3rj78urw6Eo3wKEpO9HHR3 iICnTf1/QddHOEUwkWC0XVoUddqI9QYhb7EYiqRWMBNEaQAQANBHG4eQtX0Y/TE6 GwqeLXTLiBP+jZExvZxMhoQ10grg3fXExG1FuW/rAF+YlxQTyAhDSUXFuNtuVVtZ +V5GMLbXIdsW4G5JEGNHuiiwJYzhp4l3r3c0FrvgcXJ9r8YEwalBCVjAshc31Eq8 Fd+VAQAiTfiA9KHEFxAhWRn1IS73K5ByitJeJ2n5qfXB7GrJZal9Y3snegmA1PGD 8ZQ2tryJ2GD7yVXe73+isZiTYPPzPasoAys/UN08F/j3yO44vIdgjJg8xnQ7N+lN outKPUmZ3wuttJZa4MtsSw3fUYKYIQDqljsGnZ0592B+V44aq4UvZ7nOJkfTkiV3 o8B16trbMzOWICSglhPasf3XJrG3dKNOpuWj964g898w4mzJjEwSMU6edQj7kHTz OMK2Tup+tndHoAPtm5ymN709zx7RPpZ9tRoTdWqQkgemJfPpLMG26/oyCVfL2+a7 RqnWJWlvpj2RVfctO2ESMw9GYJ1vDib/M1S9NKZADMFTBMVfuAGcheS7KaObtO8V B7UnDOE1Q7O1LRl7krvAbRcJkmDM2QdsrJJWSfCwaCrI4Tv4qJZbi4OtvEE92UQh YqoSYT+j7AAFiiEg4YQ230S/VeF5a9aF5rAqrk2V15pCbldTVApqKqXy9G6w+8hK aG5JK+K3y5PF07E+cXynfyMKKM1jIFckrgBLx53gXeAl3gGuggmZr0aXnY2+KCyR lQIwf+b+hYJlIPgT1PaxCDGrRZ1O9qlQvfkMkZubN6NUKUSWMkNzgdXd+oY6ETn+ MR8W/qz/mWhgCq7BBzkpO/HzNaQ+h2x+2/0NS6tXP8SQEw/8W4zsxwKg3tuXVVOd Ix5SMLkcb0VxzOvvLxycdbu/cAQa7rJyZdhAsR639aIlIy/1SVtKyPalnmAet6vm YuVtOWErusmlnCLlB2uLRpGFqNMByNjx9UyQfCQILHyY6yC6+O1gOv6ZAIdFivc/ bcY/PLeQuTJqF7UymjuTnZ3617ADRQ== =wXg6 -----END PGP SIGNATURE-----