CVE-2017-3142

Priority
Medium
Description
An error in TSIG authentication can permit unauthorized zone transfers.
An attacker may be able to circumvent TSIG authentication of AXFR and
Notify requests.
References
Notes
 sbeattie> may have introduced regression (see isc email)
Package
Source: bind9 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (1:9.10.3.dfsg.P4-10.1ubuntu7)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):released (1:9.9.5.dfsg-3ubuntu0.15)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:9.10.3.dfsg.P4-8ubuntu1.7)
Ubuntu 17.04 (Zesty Zapus):released (1:9.10.3.dfsg.P4-10.1ubuntu5.1)
More Information

Updated: 2017-10-23 12:30:53 UTC (commit 13562)