SUSE-SU-2022:3500-1

Published: 04 Oct 2022
Source: suse-cvrf

Description

Security update for bind

This update for bind fixes the following issues:

  • CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
  • CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).

Package list

SUSE Linux Enterprise Server 12 SP2-BCL
bind-9.9.9P1-63.37.1
bind-chrootenv-9.9.9P1-63.37.1
bind-doc-9.9.9P1-63.37.1
bind-libs-9.9.9P1-63.37.1
bind-libs-32bit-9.9.9P1-63.37.1
bind-utils-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP3-BCL
bind-9.9.9P1-63.37.1
bind-chrootenv-9.9.9P1-63.37.1
bind-doc-9.9.9P1-63.37.1
bind-libs-9.9.9P1-63.37.1
bind-libs-32bit-9.9.9P1-63.37.1
bind-utils-9.9.9P1-63.37.1

Description

By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:bind-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP2-BCL:bind-chrootenv-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP2-BCL:bind-doc-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-32bit-9.9.9P1-63.37.1

References

Description

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:bind-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP2-BCL:bind-chrootenv-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP2-BCL:bind-doc-9.9.9P1-63.37.1
SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-32bit-9.9.9P1-63.37.1

References