DSA-3758-1 bind9 -- bind9ID: oval:org.secpod.oval:def:602735 | Date: (C)2017-01-12 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several denial-of-service vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2016-9131 A crafted upstream response to an ANY query could cause an assertion failure. CVE-2016-9147 A crafted upstream response with self-contradicting DNSSEC data could cause an assertion failure. CVE-2016-9444 Specially-crafted upstream responses with a DS record could cause an assertion failure. These vulnerabilities predominantly affect DNS servers providing recursive service. Client queries to authoritative-only servers cannot trigger these assertion failures. These vulnerabilities are present whether or not DNSSEC validation is enabled in the server configuration.