CVE-2017-3136 BIND9 Ubuntu安全漏洞通知 (USN-3259-1)

It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME.

It was discovered that in some situations, Bind did not properly handle DNS64 queries.

It was discovered that in some situations, Bind did not properly handle invalid operations requested via its control channel.

An attacker could use this cause a denial of service. (CVE-2017-3137)

An attacker could use this to cause a denial of service. (CVE-2017-3136)

An attacker with access to the control channel could cause a denial of service. (CVE-2017-3138)

Refer to Ubuntu advisory USN-3259-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3259-1: 16.04 (Xenial) on src (bind9)

USN-3259-1: 17.04 (zesty) on src (bind9)

USN-3259-1: 16.10 (Yakkety) on src (bind9)

USN-3259-1: 14.04 (Kylin) on src (bind9)

USN-3259-1: 12.04 (Precise) on src (bind9)