Resolution for Bind Security Vulnerability in April, 2017 (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)

Solution Verified - Updated -

Issue

  • CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;".
  • CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME.
  • CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel.

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In