Arch Linux Security Advisory ASA-201701-15
==========================================

Severity: High
Date    : 2017-01-12
CVE-ID  : CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2016-9778
Package : bind
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-132

Summary
=======

The package bind before version 9.11.0.P2-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 9.11.0.P2-1.

# pacman -Syu "bind>=9.11.0.P2-1"

The problems have been fixed upstream in version 9.11.0.P2.

Workaround
==========

None

Description
===========

- CVE-2016-9131 (denial of service)

A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

- CVE-2016-9147 (denial of service)

A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

- CVE-2016-9444 (denial of service)

A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

- CVE-2016-9778 (denial of service)

A denial of service flaw was found in the way BIND handled certain queries using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

Impact
======

A remote attacker can crash the server by performing crafted queries under certain circumstances.

References
==========

https://kb.isc.org/article/AA-01439/0
https://kb.isc.org/article/AA-01440/0
https://kb.isc.org/article/AA-01441/0
https://kb.isc.org/article/AA-01442/0
https://security.archlinux.org/CVE-2016-9131
https://security.archlinux.org/CVE-2016-9147
https://security.archlinux.org/CVE-2016-9444
https://security.archlinux.org/CVE-2016-9778