Lucene search

AmazonALAS2-2019-1231

HistoryJun 25, 2019 - 9:06 p.m.

Important: bind

2019-06-2521:06:00

alas.aws.amazon.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

61.0%

JSON

Issue Overview:

A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)

Affected Packages:

bind

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update bind to update your system.

New Packages:

aarch64:  
    bind-9.9.4-74.amzn2.1.2.aarch64  
    bind-pkcs11-9.9.4-74.amzn2.1.2.aarch64  
    bind-pkcs11-utils-9.9.4-74.amzn2.1.2.aarch64  
    bind-pkcs11-libs-9.9.4-74.amzn2.1.2.aarch64  
    bind-pkcs11-devel-9.9.4-74.amzn2.1.2.aarch64  
    bind-sdb-9.9.4-74.amzn2.1.2.aarch64  
    bind-libs-lite-9.9.4-74.amzn2.1.2.aarch64  
    bind-libs-9.9.4-74.amzn2.1.2.aarch64  
    bind-utils-9.9.4-74.amzn2.1.2.aarch64  
    bind-devel-9.9.4-74.amzn2.1.2.aarch64  
    bind-lite-devel-9.9.4-74.amzn2.1.2.aarch64  
    bind-chroot-9.9.4-74.amzn2.1.2.aarch64  
    bind-sdb-chroot-9.9.4-74.amzn2.1.2.aarch64  
    bind-debuginfo-9.9.4-74.amzn2.1.2.aarch64  
  
i686:  
    bind-9.9.4-74.amzn2.1.2.i686  
    bind-pkcs11-9.9.4-74.amzn2.1.2.i686  
    bind-pkcs11-utils-9.9.4-74.amzn2.1.2.i686  
    bind-pkcs11-libs-9.9.4-74.amzn2.1.2.i686  
    bind-pkcs11-devel-9.9.4-74.amzn2.1.2.i686  
    bind-sdb-9.9.4-74.amzn2.1.2.i686  
    bind-libs-lite-9.9.4-74.amzn2.1.2.i686  
    bind-libs-9.9.4-74.amzn2.1.2.i686  
    bind-utils-9.9.4-74.amzn2.1.2.i686  
    bind-devel-9.9.4-74.amzn2.1.2.i686  
    bind-lite-devel-9.9.4-74.amzn2.1.2.i686  
    bind-chroot-9.9.4-74.amzn2.1.2.i686  
    bind-sdb-chroot-9.9.4-74.amzn2.1.2.i686  
    bind-debuginfo-9.9.4-74.amzn2.1.2.i686  
  
noarch:  
    bind-license-9.9.4-74.amzn2.1.2.noarch  
  
src:  
    bind-9.9.4-74.amzn2.1.2.src  
  
x86_64:  
    bind-9.9.4-74.amzn2.1.2.x86_64  
    bind-pkcs11-9.9.4-74.amzn2.1.2.x86_64  
    bind-pkcs11-utils-9.9.4-74.amzn2.1.2.x86_64  
    bind-pkcs11-libs-9.9.4-74.amzn2.1.2.x86_64  
    bind-pkcs11-devel-9.9.4-74.amzn2.1.2.x86_64  
    bind-sdb-9.9.4-74.amzn2.1.2.x86_64  
    bind-libs-lite-9.9.4-74.amzn2.1.2.x86_64  
    bind-libs-9.9.4-74.amzn2.1.2.x86_64  
    bind-utils-9.9.4-74.amzn2.1.2.x86_64  
    bind-devel-9.9.4-74.amzn2.1.2.x86_64  
    bind-lite-devel-9.9.4-74.amzn2.1.2.x86_64  
    bind-chroot-9.9.4-74.amzn2.1.2.x86_64  
    bind-sdb-chroot-9.9.4-74.amzn2.1.2.x86_64  
    bind-debuginfo-9.9.4-74.amzn2.1.2.x86_64

Additional References

Red Hat: CVE-2018-5743

Mitre: CVE-2018-5743

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64bind< 9.9.4-74.amzn2.1.2bind-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-pkcs11< 9.9.4-74.amzn2.1.2bind-pkcs11-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-pkcs11-utils< 9.9.4-74.amzn2.1.2bind-pkcs11-utils-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-pkcs11-libs< 9.9.4-74.amzn2.1.2bind-pkcs11-libs-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-pkcs11-devel< 9.9.4-74.amzn2.1.2bind-pkcs11-devel-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-sdb< 9.9.4-74.amzn2.1.2bind-sdb-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-libs-lite< 9.9.4-74.amzn2.1.2bind-libs-lite-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-libs< 9.9.4-74.amzn2.1.2bind-libs-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-utils< 9.9.4-74.amzn2.1.2bind-utils-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux2aarch64bind-devel< 9.9.4-74.amzn2.1.2bind-devel-9.9.4-74.amzn2.1.2.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	bind	< 9.9.4-74.amzn2.1.2	bind-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-pkcs11	< 9.9.4-74.amzn2.1.2	bind-pkcs11-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-pkcs11-utils	< 9.9.4-74.amzn2.1.2	bind-pkcs11-utils-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-pkcs11-libs	< 9.9.4-74.amzn2.1.2	bind-pkcs11-libs-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-pkcs11-devel	< 9.9.4-74.amzn2.1.2	bind-pkcs11-devel-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-sdb	< 9.9.4-74.amzn2.1.2	bind-sdb-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-libs-lite	< 9.9.4-74.amzn2.1.2	bind-libs-lite-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-libs	< 9.9.4-74.amzn2.1.2	bind-libs-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-utils	< 9.9.4-74.amzn2.1.2	bind-utils-9.9.4-74.amzn2.1.2.aarch64.rpm
Amazon Linux	2	aarch64	bind-devel	< 9.9.4-74.amzn2.1.2	bind-devel-9.9.4-74.amzn2.1.2.aarch64.rpm