13 Debian package update(s) for quigon.federez.net - Monitoring

9 Jul 2017

apticron report [Sun, 09 Jul 2017 01:38:11 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
        quigon.federez.net
        [ 160.228.155.65 ]
The following packages are currently pending an upgrade:
        bind9 1:9.10.3.dfsg.P4-12.3+deb9u1
        bind9-host 1:9.10.3.dfsg.P4-12.3+deb9u1
        bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u1
        dnsutils 1:9.10.3.dfsg.P4-12.3+deb9u1
        libbind9-140 1:9.10.3.dfsg.P4-12.3+deb9u1
        libdns162 1:9.10.3.dfsg.P4-12.3+deb9u1
        libdns-export162 1:9.10.3.dfsg.P4-12.3+deb9u1
        libirs141 1:9.10.3.dfsg.P4-12.3+deb9u1
        libisc160 1:9.10.3.dfsg.P4-12.3+deb9u1
        libisccc140 1:9.10.3.dfsg.P4-12.3+deb9u1
        libisccfg140 1:9.10.3.dfsg.P4-12.3+deb9u1
        libisc-export160 1:9.10.3.dfsg.P4-12.3+deb9u1
        liblwres141 1:9.10.3.dfsg.P4-12.3+deb9u1
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour bind9 (bind9 bind9-host bind9utils dnsutils libbind9-140 libdns162
libdns-export162 libirs141 libisc160 libisccc140 libisccfg140 libisc-export160
liblwres141) ---
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
      CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
      transfers. An attacker may be able to circumvent TSIG authentication of
      AXFR and Notify requests.
      CVE-2017-3143: error in TSIG authentication can permit unauthorized
      dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
      signature for a dynamic update.
 -- Yves-Alexis Perez &lt;corsac(a)debian.org&gt;  Fri, 30 Jun 2017 16:20:29 +0200
========================================================================
You can perform the upgrade by issuing the command:
        apt-get dist-upgrade
as root on quigon.federez.net
--
apticron