1018701 – (CVE-2016-9147) VUL-0: CVE-2016-9147: bind: response containing inconsistent DNSSEC information could cause an assertion failure

Bug 1018701 (CVE-2016-9147) - VUL-0: CVE-2016-9147: bind: response containing inconsistent DNSSEC information could cause an assertion failure

Summary: VUL-0: CVE-2016-9147: bind: response containing inconsistent DNSSEC informati...

Status:	RESOLVED FIXED

Alias:	CVE-2016-9147

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/178327/
Whiteboard:	CVSSv2:SUSE:CVE-2016-9147:7.8:(AV:N/A...
Keywords:

Depends on:
Blocks:	1018699
	Show dependency tree / graph

Clone This Bug

Reported:	2017-01-07 09:58 UTC by Alexander Bergmann
Modified:	2020-09-24 14:55 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Swamp Workflow Management 2017-01-07 23:00:25 UTC

bugbot adjusting priority

Comment 4 Andreas Stieger 2017-01-09 12:04:51 UTC

CRD: 2017-01-11

Comment 8 Swamp Workflow Management 2017-01-12 01:09:21 UTC

SUSE-SU-2017:0111-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Server 12-SP1 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    bind-9.9.9P1-53.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    bind-9.9.9P1-53.1

Comment 9 Swamp Workflow Management 2017-01-12 01:10:26 UTC

SUSE-SU-2017:0112-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE OpenStack Cloud 5 (src):    bind-9.9.6P1-0.36.1
SUSE Manager Proxy 2.1 (src):    bind-9.9.6P1-0.36.1
SUSE Manager 2.1 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP4 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    bind-9.9.6P1-0.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    bind-9.9.6P1-0.36.1

Comment 10 Swamp Workflow Management 2017-01-12 01:11:27 UTC

SUSE-SU-2017:0113-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702,965748
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    bind-9.9.9P1-28.26.1
SUSE Linux Enterprise Server 12-LTSS (src):    bind-9.9.9P1-28.26.1

Comment 11 Alexander Bergmann 2017-01-12 07:49:07 UTC

Public now!

https://kb.isc.org/article/AA-01440/74/CVE-2016-9147

Comment 12 Alexander Bergmann 2017-01-12 07:51:44 UTC

Correct URL:

https://kb.isc.org/article/AA-01440/74/CVE-2016-9147%3A-An-error-handling-a-query-response-containing-inconsistent-DNSSEC-information-could-cause-an-assertion-failure-.html

Comment 13 Swamp Workflow Management 2017-01-17 18:46:15 UTC

openSUSE-SU-2017:0182-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
openSUSE 13.2 (src):    bind-9.9.6P1-2.28.1

Comment 14 Swamp Workflow Management 2017-01-18 11:09:33 UTC

openSUSE-SU-2017:0193-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1018699,1018700,1018701,1018702
CVE References: CVE-2016-9131,CVE-2016-9147,CVE-2016-9444
Sources used:
openSUSE Leap 42.2 (src):    bind-9.9.9P1-43.1
openSUSE Leap 42.1 (src):    bind-9.9.9P1-45.1

Comment 17 Marcus Meissner 2017-01-27 10:42:55 UTC

released