SUSE-SU-2021:2876-1

Опубликовано: 30 авг. 2021

Источник: suse-cvrf

Описание

Security update for bind

This update for bind fixes the following issues:

CVE-2020-8622: A truncated TSIG response can lead to an assertion failure (bsc#1175443).

Список пакетов

HPE Helion OpenStack 8

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

SUSE Linux Enterprise Server 12 SP2-BCL

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

SUSE Linux Enterprise Server 12 SP3-BCL

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

SUSE Linux Enterprise Server 12 SP3-LTSS

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

SUSE OpenStack Cloud 8

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

SUSE OpenStack Cloud Crowbar 8

bind-9.9.9P1-63.28.1

bind-chrootenv-9.9.9P1-63.28.1

bind-doc-9.9.9P1-63.28.1

bind-libs-9.9.9P1-63.28.1

bind-libs-32bit-9.9.9P1-63.28.1

bind-utils-9.9.9P1-63.28.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20212876-1/
Link for SUSE-SU-2021:2876-1
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009368.html
E-Mail link for SUSE-SU-2021:2876-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175443
SUSE Bug 1175443
https://bugzilla.suse.com/1188888
SUSE Bug 1188888
https://www.suse.com/security/cve/CVE-2020-8622/
SUSE CVE CVE-2020-8622 page

Описание

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

Затронутые продукты

HPE Helion OpenStack 8:bind-9.9.9P1-63.28.1

HPE Helion OpenStack 8:bind-chrootenv-9.9.9P1-63.28.1

HPE Helion OpenStack 8:bind-doc-9.9.9P1-63.28.1

HPE Helion OpenStack 8:bind-libs-32bit-9.9.9P1-63.28.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8622.html
CVE-2020-8622
https://bugzilla.suse.com/1175443
SUSE Bug 1175443
https://bugzilla.suse.com/1188888
SUSE Bug 1188888
https://bugzilla.suse.com/1191120
SUSE Bug 1191120

SUSE-SU-2021:2876-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2020-8622

Описание

Затронутые продукты

Ссылки