CVE-2017-3140

Published: 16 January 2019

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
bind9
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1:9.10.3.dfsg.P4-8ubuntu1.6)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:9.9.5.dfsg-3ubuntu0.14)

Notes

AuthorNote
tyhicks 
Per ISC, "... affecting 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1,
and 9.10.5-S1"
Introduced by change #4377, which is not applied in any Ubuntu
releases

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading