Bug 1018701 (CVE-2016-9147)

Summary: VUL-0: CVE-2016-9147: bind: response containing inconsistent DNSSEC information could cause an assertion failure
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: abergmann, astieger, jechristensen, jsegitz, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/178327/
Whiteboard: CVSSv2:SUSE:CVE-2016-9147:7.8:(AV:N/AC:L/Au:N/C:N/I:N/A:C) maint:running:63333:important maint:released:oes11-sp2:63335 CVSSv2:NVD:CVE-2016-9147:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2016-9147:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2016-9147:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv2:NVD:CVE-2017-3136:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2017-3137:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:SUSE:CVE-2017-3136:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv2:SUSE:CVE-2017-3137:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2017-3136:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:NVD:CVE-2017-3137:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2017-3136:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2017-3137:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2017-3139:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1018699    

Comment 3 Swamp Workflow Management 2017-01-07 23:00:25 UTC
bugbot adjusting priority
Comment 4 Andreas Stieger 2017-01-09 12:04:51 UTC
CRD: 2017-01-11
Comment 8 Swamp Workflow Management 2017-01-12 01:09:21 UTC
SUSE-SU-2017:0111-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server 12-SP1 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    bind-9.9.9P1-53.1
Comment 9 Swamp Workflow Management 2017-01-12 01:10:26 UTC
SUSE-SU-2017:0112-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE OpenStack Cloud 5 (src):    bind-9.9.6P1-0.36.1
SUSE Manager Proxy 2.1 (src):    bind-9.9.6P1-0.36.1
SUSE Manager 2.1 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP4 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    bind-9.9.6P1-0.36.1
Comment 10 Swamp Workflow Management 2017-01-12 01:11:27 UTC
SUSE-SU-2017:0113-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702,965748
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    bind-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS (src):    bind-9.9.9P1-28.26.1
Comment 11 Alexander Bergmann 2017-01-12 07:49:07 UTC
Public now!

https://kb.isc.org/article/AA-01440/74/CVE-2016-9147
Comment 13 Swamp Workflow Management 2017-01-17 18:46:15 UTC
openSUSE-SU-2017:0182-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
openSUSE 13.2 (src):    bind-9.9.6P1-2.28.1
Comment 14 Swamp Workflow Management 2017-01-18 11:09:33 UTC
openSUSE-SU-2017:0193-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
openSUSE Leap 42.2 (src):    bind-9.9.9P1-43.1
openSUSE Leap 42.1 (src):    bind-9.9.9P1-45.1
Comment 17 Marcus Meissner 2017-01-27 10:42:55 UTC
released