Описание
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bind | Out of support scope | ||
| Red Hat Enterprise Linux 5 | bind97 | Out of support scope | ||
| Red Hat Enterprise Linux 9 | bind | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | bind | Fixed | RHSA-2021:1468 | 29.04.2021 |
| Red Hat Enterprise Linux 7 | bind | Fixed | RHSA-2021:1469 | 29.04.2021 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | bind | Fixed | RHSA-2021:1476 | 03.05.2021 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | bind | Fixed | RHSA-2021:1475 | 03.05.2021 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | bind | Fixed | RHSA-2021:1479 | 03.05.2021 |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | bind | Fixed | RHSA-2021:1479 | 03.05.2021 |
| Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | bind | Fixed | RHSA-2021:1479 | 03.05.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S ...
7.5 High
CVSS3