ALAS-2017-826

Metadata

high
unknown
bind
CVE-2017-3136, CVE-2017-3137
2017-04-27
2017-04-27 21:03
v3.5/main/bind-9.10.4_p8-r0
v3.6/main/bind-9.11.0_p5-r0
CVE-2017-3137 bind9
CVE-2017-3136 bind9
CVE-2017-3136
CVE-2017-3137

Description

A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137 )A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3136 )Upstream acknowledges Oleg Gorokhov (Yandex) as the original reporter of CVE-2017-3136 .

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
bind bind-9.8.2-0.62.rc1.54.amzn1.src
bind bind-9.8.2-0.62.rc1.54.amzn1.i686
bind bind-9.8.2-0.62.rc1.54.amzn1.x86_64
bind-chroot bind-chroot-9.8.2-0.62.rc1.54.amzn1.x86_64
bind-chroot bind-chroot-9.8.2-0.62.rc1.54.amzn1.i686
bind-debuginfo bind-debuginfo-9.8.2-0.62.rc1.54.amzn1.x86_64
bind-debuginfo bind-debuginfo-9.8.2-0.62.rc1.54.amzn1.i686
bind-devel bind-devel-9.8.2-0.62.rc1.54.amzn1.i686
bind-devel bind-devel-9.8.2-0.62.rc1.54.amzn1.x86_64
bind-libs bind-libs-9.8.2-0.62.rc1.54.amzn1.i686
bind-libs bind-libs-9.8.2-0.62.rc1.54.amzn1.x86_64
bind-sdb bind-sdb-9.8.2-0.62.rc1.54.amzn1.x86_64
bind-sdb bind-sdb-9.8.2-0.62.rc1.54.amzn1.i686
bind-utils bind-utils-9.8.2-0.62.rc1.54.amzn1.i686
bind-utils bind-utils-9.8.2-0.62.rc1.54.amzn1.x86_64