openSUSE Security Update : bind (openSUSE-2017-491)

high Nessus Plugin ID 99499

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for bind fixes the following issues :

CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion.

CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64.

CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure.

CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response.
IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message.

CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

One additional non-security bug was fixed :

The default umask was changed to 077. (bsc#1020983)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected bind packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1020983

https://bugzilla.opensuse.org/show_bug.cgi?id=1033466

https://bugzilla.opensuse.org/show_bug.cgi?id=1033467

https://bugzilla.opensuse.org/show_bug.cgi?id=1033468

https://bugzilla.opensuse.org/show_bug.cgi?id=987866

https://bugzilla.opensuse.org/show_bug.cgi?id=989528

Plugin Details

Severity: High

ID: 99499

File Name: openSUSE-2017-491.nasl

Version: 3.6

Type: local

Agent: unix

Published: 4/20/2017

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:2.3:o:novell:opensuse:42.1:*:*:*:*:*:*:*, cpe:2.3:o:novell:opensuse:42.2:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-chrootenv:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-libs-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-libs-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-libs-debuginfo-32bit:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-lwresd:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-lwresd-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-utils:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:bind-utils-debuginfo:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 4/19/2017

Vulnerability Publication Date: 7/6/2016

Reference Information

CVE: CVE-2016-2775, CVE-2016-6170, CVE-2017-3136, CVE-2017-3137, CVE-2017-3138

IAVA: 2017-A-0004