SUSE-SU-2019:1407-1

Опубликовано: 03 июн. 2019

Источник: suse-cvrf

Описание

Security update for bind

This update for bind fixes the following issues:

Security issues fixed:

CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).
CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).
CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).
CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).

Список пакетов

Image SLES15-Azure-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-EC2-HVM-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-GCE-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-OCI-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-Azure-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-Azure-LI-BYOS-Production

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-Azure-VLI-BYOS-Production

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-EC2-HVM-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-GCE-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SAP-OCI-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Azure-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Azure-HPC-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-CHOST-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-CHOST-BYOS-EC2

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-CHOST-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-EC2-HPC-HVM-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-EC2-HVM-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-GCE-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-OCI-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-Azure-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-EC2-HVM-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-GCE-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAP-OCI-BYOS

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAPCAL-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAPCAL-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP1-SAPCAL-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Azure-Basic

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Azure-Standard

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-BYOS-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-CHOST-BYOS-Aliyun

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-CHOST-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-CHOST-BYOS-EC2

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-CHOST-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-EC2-ECS-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-HPC-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-HPC-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-HPC-BYOS-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-BYOS-Azure

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-BYOS-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-BYOS-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-EC2-HVM

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

Image SLES15-SP2-SAP-GCE

bind-utils-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

SUSE Linux Enterprise Module for Basesystem 15

bind-devel-9.11.2-12.11.2

bind-utils-9.11.2-12.11.2

libbind9-160-9.11.2-12.11.2

libdns169-9.11.2-12.11.2

libirs-devel-9.11.2-12.11.2

libirs160-9.11.2-12.11.2

libisc166-9.11.2-12.11.2

libisccc160-9.11.2-12.11.2

libisccfg160-9.11.2-12.11.2

liblwres160-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

SUSE Linux Enterprise Module for Basesystem 15 SP1

bind-devel-9.11.2-12.11.2

bind-utils-9.11.2-12.11.2

libbind9-160-9.11.2-12.11.2

libdns169-9.11.2-12.11.2

libirs-devel-9.11.2-12.11.2

libirs160-9.11.2-12.11.2

libisc166-9.11.2-12.11.2

libisccc160-9.11.2-12.11.2

libisccfg160-9.11.2-12.11.2

liblwres160-9.11.2-12.11.2

python3-bind-9.11.2-12.11.2

SUSE Linux Enterprise Module for Server Applications 15

bind-9.11.2-12.11.2

bind-chrootenv-9.11.2-12.11.2

bind-doc-9.11.2-12.11.2

SUSE Linux Enterprise Module for Server Applications 15 SP1

bind-9.11.2-12.11.2

bind-chrootenv-9.11.2-12.11.2

bind-doc-9.11.2-12.11.2

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191407-1/
Link for SUSE-SU-2019:1407-1
https://lists.suse.com/pipermail/sle-security-updates/2019-June/005528.html
E-Mail link for SUSE-SU-2019:1407-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1104129
SUSE Bug 1104129
https://bugzilla.suse.com/1126068
SUSE Bug 1126068
https://bugzilla.suse.com/1126069
SUSE Bug 1126069
https://bugzilla.suse.com/1133185
SUSE Bug 1133185
https://www.suse.com/security/cve/CVE-2018-5740/
SUSE CVE CVE-2018-5740 page
https://www.suse.com/security/cve/CVE-2018-5743/
SUSE CVE CVE-2018-5743 page
https://www.suse.com/security/cve/CVE-2018-5745/
SUSE CVE CVE-2018-5745 page
https://www.suse.com/security/cve/CVE-2019-6465/
SUSE CVE CVE-2019-6465 page

Описание

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Затронутые продукты

Image SLES15-Azure-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-Azure-BYOS:python3-bind-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:python3-bind-9.11.2-12.11.2

Ссылки

https://www.suse.com/security/cve/CVE-2018-5740.html
CVE-2018-5740
https://bugzilla.suse.com/1104129
SUSE Bug 1104129
https://bugzilla.suse.com/1141730
SUSE Bug 1141730
https://bugzilla.suse.com/1148887
SUSE Bug 1148887
https://bugzilla.suse.com/1177790
SUSE Bug 1177790

Описание

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Затронутые продукты

Image SLES15-Azure-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-Azure-BYOS:python3-bind-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:python3-bind-9.11.2-12.11.2

Ссылки

https://www.suse.com/security/cve/CVE-2018-5743.html
CVE-2018-5743
https://bugzilla.suse.com/1133185
SUSE Bug 1133185
https://bugzilla.suse.com/1148887
SUSE Bug 1148887
https://bugzilla.suse.com/1157051
SUSE Bug 1157051

Описание

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

Затронутые продукты

Image SLES15-Azure-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-Azure-BYOS:python3-bind-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:python3-bind-9.11.2-12.11.2

Ссылки

https://www.suse.com/security/cve/CVE-2018-5745.html
CVE-2018-5745
https://bugzilla.suse.com/1126068
SUSE Bug 1126068
https://bugzilla.suse.com/1141730
SUSE Bug 1141730
https://bugzilla.suse.com/1148887
SUSE Bug 1148887
https://bugzilla.suse.com/1177790
SUSE Bug 1177790

Описание

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.

Затронутые продукты

Image SLES15-Azure-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-Azure-BYOS:python3-bind-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:bind-utils-9.11.2-12.11.2

Image SLES15-EC2-CHOST-HVM-BYOS:python3-bind-9.11.2-12.11.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-6465.html
CVE-2019-6465
https://bugzilla.suse.com/1126069
SUSE Bug 1126069
https://bugzilla.suse.com/1141730
SUSE Bug 1141730
https://bugzilla.suse.com/1148887
SUSE Bug 1148887