|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2017:1737-1)|
|Summary:||The remote host is missing an update for the 'bind' package(s) announced via the SUSE-SU-2017:1737-1 advisory.|
The remote host is missing an update for the 'bind' package(s) announced via the SUSE-SU-2017:1737-1 advisory.
This update for bind fixes the following issues:
- An attacker with the ability to send and receive messages to an
authoritative DNS server was able to circumvent TSIG authentication of
AXFR requests. A server that relied solely on TSIG keys for protection
could be manipulated into (1) providing an AXFR of a zone to an
unauthorized recipient and (2) accepting bogus Notify packets.
- An attacker who with the ability to send and receive messages to an
authoritative DNS server and who had knowledge of a valid TSIG key name
for the zone and service being targeted was able to manipulate BIND into
accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]
'bind' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2017-3142|
BugTraq ID: 99339
Debian Security Information: DSA-3904 (Google Search)
RedHat Security Advisories: RHSA-2017:1679
RedHat Security Advisories: RHSA-2017:1680
Common Vulnerability Exposure (CVE) ID: CVE-2017-3143
BugTraq ID: 99337
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.