Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:4384

Опубликовано: 09 нояб. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

  • bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly (CVE-2021-25214)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
bind-export-develi6866.el8bind-export-devel-9.11.26-6.el8.i686.rpm
bind-export-develx86_646.el8bind-export-devel-9.11.26-6.el8.x86_64.rpm
bind-export-libsi6866.el8bind-export-libs-9.11.26-6.el8.i686.rpm
bind-export-libsx86_646.el8bind-export-libs-9.11.26-6.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-25214

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-25214

CVSS3: 6.5
ubuntu
больше 4 лет назад

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

redhat логотип

CVE-2021-25214

CVSS3: 6.5
redhat
больше 4 лет назад

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

nvd логотип

CVE-2021-25214

CVSS3: 6.5
nvd
больше 4 лет назад

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

msrc логотип

CVE-2021-25214

CVSS3: 6.5
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-25214

CVSS3: 6.5
debian
больше 4 лет назад

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versi ...