openSUSE Security Update : bind (openSUSE-2017-491)

Medium Nessus Plugin ID 99499


The remote openSUSE host is missing a security update.


This update for bind fixes the following issues :

CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion.

CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64.

CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure.

CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response.
IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message.

CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

One additional non-security bug was fixed :

The default umask was changed to 077. (bsc#1020983)

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Update the affected bind packages.

See Also

Plugin Details

Severity: Medium

ID: 99499

File Name: openSUSE-2017-491.nasl

Version: $Revision: 3.3 $

Type: local

Agent: unix

Published: 2017/04/20

Modified: 2017/06/26

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P


Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:bind, p-cpe:/a:novell:opensuse:bind-chrootenv, p-cpe:/a:novell:opensuse:bind-debuginfo, p-cpe:/a:novell:opensuse:bind-debugsource, p-cpe:/a:novell:opensuse:bind-devel, p-cpe:/a:novell:opensuse:bind-libs, p-cpe:/a:novell:opensuse:bind-libs-32bit, p-cpe:/a:novell:opensuse:bind-libs-debuginfo, p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:bind-lwresd, p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo, p-cpe:/a:novell:opensuse:bind-utils, p-cpe:/a:novell:opensuse:bind-utils-debuginfo, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/04/19

Reference Information

CVE: CVE-2016-2775, CVE-2016-6170, CVE-2017-3136, CVE-2017-3137, CVE-2017-3138

IAVA: 2017-A-0004