USN-3346-1 fixed vulnerabilities in Bind. The fix forCVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem.
In addition, this update adds the new root zone key signing key (KSK).
Original advisory details:
ClÃ©ment Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) ClÃ©ment Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center