-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1898
                           bind9 security update
                                1 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           bind9
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8617 CVE-2020-8616 

Reference:         ESB-2020.1893
                   ESB-2020.1777.2
                   ESB-2020.1771

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bind9
Version        : 1:9.9.5.dfsg-9+deb8u19
CVE ID         : CVE-2020-8616 CVE-2020-8617


Several vulnerabilities were discovered in BIND, a DNS server 
implementation.

CVE-2020-8616

     It was discovered that BIND does not sufficiently limit the number
     of fetches performed when processing referrals. An attacker can take
     advantage of this flaw to cause a denial of service (performance
     degradation) or use the recursing server in a reflection attack with
     a high amplification factor.

CVE-2020-8617

     It was discovered that a logic error in the code which checks TSIG
     validity can be used to trigger an assertion failure, resulting in
     denial of service.


For Debian 8 "Jessie", these problems have been fixed in version
1:9.9.5.dfsg-9+deb8u19.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----