Описание
Security update for bind
This update for bind fixes the following issues:
- CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146).
- CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135).
- CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136).
The following non-security bugs were fixed:
- Update to release 9.16.31 (jsc#SLE-24600).
- Logrotation broken since dropping chroot (bsc#1200685).
- A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2]
Список пакетов
Image SLES15-SP4
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Basic
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-CHOST-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-CHOST-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-CHOST-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-CHOST-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-EC2-ECS-HVM
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-HPC-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Hardened-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Hardened-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Hardened-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Hardened-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAP-Hardened-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAPCAL
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAPCAL-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAPCAL-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SAPCAL-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-EC2-ECS-HVM
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-HPC-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-HPC-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-SAP-Azure
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-SAP-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-SAP-GCE
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP5-SAP-Hardened-EC2
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
bind-9.16.31-150400.5.6.1
bind-doc-9.16.31-150400.5.6.1
openSUSE Leap 15.4
bind-9.16.31-150400.5.6.1
bind-doc-9.16.31-150400.5.6.1
bind-utils-9.16.31-150400.5.6.1
python3-bind-9.16.31-150400.5.6.1
Ссылки
- Link for SUSE-SU-2022:2713-1
- E-Mail link for SUSE-SU-2022:2713-1
- SUSE Security Ratings
- SUSE Bug 1192146
- SUSE Bug 1197135
- SUSE Bug 1197136
- SUSE Bug 1199044
- SUSE Bug 1200685
- SUSE CVE CVE-2021-25219 page
- SUSE CVE CVE-2021-25220 page
- SUSE CVE CVE-2022-0396 page
Описание
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
Затронутые продукты
Image SLES15-SP4-Azure-Basic:bind-utils-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Basic:python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard:bind-utils-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard:python3-bind-9.16.31-150400.5.6.1
Ссылки
- CVE-2021-25219
- SUSE Bug 1192146
Описание
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
Затронутые продукты
Image SLES15-SP4-Azure-Basic:bind-utils-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Basic:python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard:bind-utils-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard:python3-bind-9.16.31-150400.5.6.1
Ссылки
- CVE-2021-25220
- SUSE Bug 1197135
Описание
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
Затронутые продукты
Image SLES15-SP4-Azure-Basic:bind-utils-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Basic:python3-bind-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard:bind-utils-9.16.31-150400.5.6.1
Image SLES15-SP4-Azure-Standard:python3-bind-9.16.31-150400.5.6.1
Ссылки
- CVE-2022-0396
- SUSE Bug 1197136