Lucene search
AmazonALAS-2015-566HistoryJul 22, 2015 - 10:00 a.m.
Important: bind
2015-07-2210:00:00
alas.aws.amazon.com
16
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.157 Low
EPSS
Percentile
95.9%
Issue Overview:
A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.
Affected Packages:
bind
Issue Correction:
Run yum update bind to update your system.
New Packages:
i686:
bind-libs-9.8.2-0.30.rc1.37.amzn1.i686
bind-debuginfo-9.8.2-0.30.rc1.37.amzn1.i686
bind-devel-9.8.2-0.30.rc1.37.amzn1.i686
bind-9.8.2-0.30.rc1.37.amzn1.i686
bind-chroot-9.8.2-0.30.rc1.37.amzn1.i686
bind-sdb-9.8.2-0.30.rc1.37.amzn1.i686
bind-utils-9.8.2-0.30.rc1.37.amzn1.i686
src:
bind-9.8.2-0.30.rc1.37.amzn1.src
x86_64:
bind-devel-9.8.2-0.30.rc1.37.amzn1.x86_64
bind-chroot-9.8.2-0.30.rc1.37.amzn1.x86_64
bind-utils-9.8.2-0.30.rc1.37.amzn1.x86_64
bind-9.8.2-0.30.rc1.37.amzn1.x86_64
bind-debuginfo-9.8.2-0.30.rc1.37.amzn1.x86_64
bind-sdb-9.8.2-0.30.rc1.37.amzn1.x86_64
bind-libs-9.8.2-0.30.rc1.37.amzn1.x86_64
Additional References
Red Hat: CVE-2015-4620
Mitre: CVE-2015-4620
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | bind-libs | < 9.8.2-0.30.rc1.37.amzn1 | bind-libs-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-debuginfo | < 9.8.2-0.30.rc1.37.amzn1 | bind-debuginfo-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-devel | < 9.8.2-0.30.rc1.37.amzn1 | bind-devel-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind | < 9.8.2-0.30.rc1.37.amzn1 | bind-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-chroot | < 9.8.2-0.30.rc1.37.amzn1 | bind-chroot-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-sdb | < 9.8.2-0.30.rc1.37.amzn1 | bind-sdb-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | bind-utils | < 9.8.2-0.30.rc1.37.amzn1 | bind-utils-9.8.2-0.30.rc1.37.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | bind-devel | < 9.8.2-0.30.rc1.37.amzn1 | bind-devel-9.8.2-0.30.rc1.37.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | bind-chroot | < 9.8.2-0.30.rc1.37.amzn1 | bind-chroot-9.8.2-0.30.rc1.37.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | bind-utils | < 9.8.2-0.30.rc1.37.amzn1 | bind-utils-9.8.2-0.30.rc1.37.amzn1.x86_64.rpm |
Related
nessus
nessus
Debian DSA-3304-1 : bind9 - security update
2015-07-08 00:00:00
F5 Networks BIG-IP : BIND vulnerability (SOL16912)
2015-07-29 00:00:00
Oracle Linux 7 : bind (ELSA-2015-1443)
2015-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: bind-9.10.2-3.P2.fc22
2015-07-18 01:55:20
[SECURITY] Fedora 21 Update: bind-9.9.6-9.P1.fc21
2015-07-21 08:22:09
[SECURITY] Fedora 21 Update: bind-9.9.6-10.P1.fc21
2015-08-01 02:26:01
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:06:50
securityvulns
securityvulns
ISC bind named DoS
2015-07-13 00:00:00
[USN-2669-1] Bind vulnerability
2015-07-13 00:00:00
osv
osv
bind9 - security update
2015-07-07 00:00:00
bind9 - security update
2015-07-11 00:00:00
debian
debian
[SECURITY] [DLA 270-1] bind9 security update
2015-07-11 15:54:42
[SECURITY] [DSA 3304-1] bind9 security update
2015-07-07 19:54:36
[SECURITY] [DSA 3304-1] bind9 security update
2015-07-07 19:54:36
redhat
redhat
(RHSA-2015:1471) Important: bind security update
2015-07-22 00:00:00
(RHSA-2015:1443) Important: bind security update
2015-07-20 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:11.bind
2015-07-07 00:00:00
centos
centos
bind security update
2015-07-27 10:29:04
bind security update
2015-07-20 18:55:08
openvas
openvas
F5 BIG-IP - Bind vulnerability CVE-2015-4620
2015-09-18 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-566)
2015-09-08 00:00:00
Fedora Update for bind FEDORA-2015-11483
2015-07-18 00:00:00
cisa
cisa
ISC Releases Security Updates for BIND
2015-07-08 00:00:00
archlinux
archlinux
bind: denial of service
2015-07-07 00:00:00
cve
cve
CVE-2015-4620
2015-07-08 14:59:00
debiancve
debiancve
CVE-2015-4620
2015-07-08 14:59:00
freebsd
freebsd
bind -- denial of service vulnerability
2015-07-07 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC BIND DNSSEC Validation Denial of Service (CVE-2015-4620)
2015-10-06 00:00:00
oraclelinux
oraclelinux
bind security update
2015-07-29 00:00:00
bind security update
2015-07-20 00:00:00
prion
prion
Authentication flaw
2015-07-08 14:59:00
ubuntucve
ubuntucve
CVE-2015-4620
2015-07-07 00:00:00
ubuntu
ubuntu
Bind vulnerability
2015-07-07 00:00:00
mageia
mageia
Updated bind package fixes security vulnerability
2015-07-09 11:09:20
f5
f5
SOL16912 - BIND vulnerability CVE-2015-4620
2015-07-27 00:00:00
K16912 : BIND vulnerability CVE-2015-4620
2015-11-06 00:00:00
slackware
slackware
[slackware-security] bind
2015-07-08 00:01:18
ibm
ibm
suse
suse
Security update for bind (important)
2015-07-08 16:08:18
Security update for bind (important)
2015-07-31 12:08:25
gentoo
gentoo
BIND: Denial of service
2015-10-18 00:00:00
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.157 Low
EPSS
Percentile
95.9%
Related for ALAS-2015-566