Description
ELSA-2020-4183: bind security update (MODERATE)
[32:9.8.2-0.68.rc1.8]
- Fix tsig-request verify (CVE-2020-8622)
Updated packages
Oracle Linux 6
Oracle Linux x86_64
bind         9.8.2-0.68.rc1.el6_10.8
bind-chroot  9.8.2-0.68.rc1.el6_10.8
bind-devel   9.8.2-0.68.rc1.el6_10.8
bind-libs    9.8.2-0.68.rc1.el6_10.8
bind-sdb     9.8.2-0.68.rc1.el6_10.8
bind-utils   9.8.2-0.68.rc1.el6_10.8
Oracle Linux i686
bind         9.8.2-0.68.rc1.el6_10.8
bind-chroot  9.8.2-0.68.rc1.el6_10.8
bind-devel   9.8.2-0.68.rc1.el6_10.8
bind-libs    9.8.2-0.68.rc1.el6_10.8
bind-sdb     9.8.2-0.68.rc1.el6_10.8
bind-utils   9.8.2-0.68.rc1.el6_10.8
Related CVEs
Related vulnerabilities
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 (also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure and causing the server to exit. Alternatively, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
A truncated TSIG response can lead to an assertion failure