Lucene search
AmazonALAS-2015-465HistoryJan 08, 2015 - 11:36 a.m.
Important: bind
2015-01-0811:36:00
alas.aws.amazon.com
24
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.898 High
EPSS
Percentile
98.7%
Issue Overview:
A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500)
Affected Packages:
bind
Issue Correction:
Run yum update bind to update your system.
New Packages:
i686:
bind-utils-9.8.2-0.30.rc1.35.amzn1.i686
bind-9.8.2-0.30.rc1.35.amzn1.i686
bind-chroot-9.8.2-0.30.rc1.35.amzn1.i686
bind-debuginfo-9.8.2-0.30.rc1.35.amzn1.i686
bind-sdb-9.8.2-0.30.rc1.35.amzn1.i686
bind-devel-9.8.2-0.30.rc1.35.amzn1.i686
bind-libs-9.8.2-0.30.rc1.35.amzn1.i686
src:
bind-9.8.2-0.30.rc1.35.amzn1.src
x86_64:
bind-devel-9.8.2-0.30.rc1.35.amzn1.x86_64
bind-utils-9.8.2-0.30.rc1.35.amzn1.x86_64
bind-libs-9.8.2-0.30.rc1.35.amzn1.x86_64
bind-chroot-9.8.2-0.30.rc1.35.amzn1.x86_64
bind-9.8.2-0.30.rc1.35.amzn1.x86_64
bind-sdb-9.8.2-0.30.rc1.35.amzn1.x86_64
bind-debuginfo-9.8.2-0.30.rc1.35.amzn1.x86_64
Additional References
Red Hat: CVE-2014-8500
Mitre: CVE-2014-8500
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | bind-utils | < 9.8.2-0.30.rc1.35.amzn1 | bind-utils-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind | < 9.8.2-0.30.rc1.35.amzn1 | bind-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-chroot | < 9.8.2-0.30.rc1.35.amzn1 | bind-chroot-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-debuginfo | < 9.8.2-0.30.rc1.35.amzn1 | bind-debuginfo-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-sdb | < 9.8.2-0.30.rc1.35.amzn1 | bind-sdb-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-devel | < 9.8.2-0.30.rc1.35.amzn1 | bind-devel-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-libs | < 9.8.2-0.30.rc1.35.amzn1 | bind-libs-9.8.2-0.30.rc1.35.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | bind-devel | < 9.8.2-0.30.rc1.35.amzn1 | bind-devel-9.8.2-0.30.rc1.35.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | bind-utils | < 9.8.2-0.30.rc1.35.amzn1 | bind-utils-9.8.2-0.30.rc1.35.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | bind-libs | < 9.8.2-0.30.rc1.35.amzn1 | bind-libs-9.8.2-0.30.rc1.35.amzn1.x86_64.rpm |
Related
suse
suse
Security update for bind (important)
2015-03-12 23:04:54
Security update for bind (important)
2015-01-21 11:04:45
Security update for bind (important)
2015-01-05 21:04:58
nessus
nessus
Fedora 20 : bind-9.9.4-17.P2.fc20 (2014-16607)
2014-12-18 00:00:00
AIX 7.1 TL 3 : bind9 (IV68996)
2015-02-25 00:00:00
Oracle Linux 5 : bind97 (ELSA-2014-1985)
2014-12-15 00:00:00
debian
debian
[SECURITY] [DSA 3094-1] bind9 security update
2014-12-08 21:42:44
[SECURITY] [DLA 112-1] bind9 security update
2014-12-15 18:43:58
[SECURITY] [DSA 3094-1] bind9 security update
2014-12-08 21:42:44
osv
osv
bind9 - security update
2014-12-15 00:00:00
bind9 - security update
2014-12-08 00:00:00
archlinux
archlinux
bind: denial of service
2014-12-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0011-2)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0488-1)
2021-06-09 00:00:00
SUSE: Security Advisory for bind (SUSE-SU-2015:0011-1)
2015-10-13 00:00:00
checkpoint_advisories
checkpoint_advisories
oraclelinux
oraclelinux
bind97 security update
2014-12-12 00:00:00
bind security update
2014-12-12 00:00:00
bind security update
2015-07-29 00:00:00
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-14:29.bind
2014-12-10 00:00:00
ISC bind named DoS
2014-12-10 00:00:00
f5
f5
K15927 : BIND vulnerability CVE-2014-8500
2015-09-16 00:00:00
SOL15927 - BIND vulnerability CVE-2014-8500
2014-12-19 00:00:00
prion
prion
Design/Logic Flaw
2014-12-11 02:59:00
fedora
fedora
[SECURITY] Fedora 21 Update: bind-9.9.6-5.P1.fc21
2015-01-06 06:04:49
[SECURITY] Fedora 21 Update: bind-9.9.6-8.P1.fc21
2015-03-05 12:38:47
[SECURITY] Fedora 20 Update: bind-9.9.4-17.P2.fc20
2014-12-18 06:10:51
redhat
redhat
(RHSA-2014:1985) Important: bind97 security update
2014-12-12 00:00:00
(RHSA-2014:1984) Important: bind security update
2014-12-12 00:00:00
(RHSA-2016:0078) Important: bind security update
2016-01-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:03:25
debiancve
debiancve
CVE-2014-8500
2014-12-11 02:59:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:29.bind
2014-12-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-8500
2014-12-09 00:00:00
centos
centos
bind97 security update
2014-12-12 11:03:15
bind, caching security update
2014-12-12 11:07:42
ubuntu
ubuntu
Bind vulnerability
2014-12-09 00:00:00
slackware
slackware
[slackware-security] bind
2014-12-11 04:11:21
[slackware-security] bind
2015-04-22 02:16:38
mageia
mageia
Updated bind packages fix CVE-2014-8500
2014-12-10 23:09:57
aix
aix
Vulnerability in AIX bind,Vulnerability in VIOS bind
2015-02-24 11:33:18
cve
cve
CVE-2014-8500
2014-12-11 02:59:00
freebsd
freebsd
bind -- denial of service vulnerability
2014-12-08 00:00:00
cert
cert
Recursive DNS resolver implementations may follow referrals infinitely
2014-12-09 00:00:00
gentoo
gentoo
BIND: Multiple Vulnerabilities
2015-02-07 00:00:00
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.898 High
EPSS
Percentile
98.7%
Related for ALAS-2015-465