CVE-2017-3137

Name: CVE-2017-3137
Description: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-957-1, DSA-3854-1
Debian Bugs: 860225

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| bind9 (PTS) | wheezy | 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 | vulnerable |
| bind9 | wheezy (security) | 1:9.8.4.dfsg.P1-6+nmu2+deb7u16 | fixed |
| bind9 | jessie | 1:9.9.5.dfsg-9+deb8u10 | vulnerable |
| bind9 | jessie (security) | 1:9.9.5.dfsg-9+deb8u11 | fixed |
| bind9 | buster, sid, stretch | 1:9.10.3.dfsg.P4-12.3 | fixed |

The information below is based on the following data on fixed versions.

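| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| bind9 | source | (unstable) | 1:9.10.3.dfsg.P4-12.3 | | | 860225 |
| bind9 | source | jessie | 1:9.9.5.dfsg-9+deb8u11 | | DSA-3854-1 | |
| bind9 | source | wheezy | 1:9.8.4.dfsg.P1-6+nmu2+deb7u16 | | DLA-957-1 | |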

Notes

https://kb.isc.org/article/AA-01466
Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplementation)
Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
