January 12th 2017.
Multiple vulnerabilities were found in 3rd party software running on our DNS/DHCP appliance:
- CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion. See https://kb.isc.org/article/AA-01439 for more details.
- CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure. See https://kb.isc.org/article/AA-01440 for more details.
- CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure. See https://kb.isc.org/article/AA-01441 for more details.
- CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c.
See https://kb.isc.org/article/AA-01442 for more details.
We recommend that all Men & Mice DNS/DHCP Appliances are upgraded to the latest version, which is 7.3.2.
The appliances on the 7.1 LTS version have also been updated. The latest version in 7.1 is 7.1.12
The appliances can be easily upgraded using the Automatic Updates feature of the Men & Mice Suite.
For details on how to update the Men & Mice Suite, see
For more information regarding the upgrade, contact Men & Mice Support using the link below
November 1st, 2016
A vulnerability, CVE-2016-8864 was found in 3rd party software running on our DNS/DHCP appliance.