Medium: bind

Issue Overview:

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability. (CVE-2020-8622)

A flaw was found in bind. An assertion failure can occur when a specially crafted query for a zone signed with an RSA key. BIND must be compiled with “–enable-native-pkcs11” for the system to be affected. The highest threat from this vulnerability is to system availability. (CVE-2020-8623)

A flaw was found in bind. Updates to “Update-policy” rules of type “subdomain” are treated as if they were of type “zonesub” which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity. (CVE-2020-8624)

Affected Packages:

bind

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update bind to update your system.

New Packages:

aarch64:  
    bind-9.11.4-26.P2.amzn2.2.aarch64  
    bind-pkcs11-9.11.4-26.P2.amzn2.2.aarch64  
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.2.aarch64  
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.2.aarch64  
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.2.aarch64  
    bind-sdb-9.11.4-26.P2.amzn2.2.aarch64  
    bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64  
    bind-libs-9.11.4-26.P2.amzn2.2.aarch64  
    bind-utils-9.11.4-26.P2.amzn2.2.aarch64  
    bind-devel-9.11.4-26.P2.amzn2.2.aarch64  
    bind-lite-devel-9.11.4-26.P2.amzn2.2.aarch64  
    bind-chroot-9.11.4-26.P2.amzn2.2.aarch64  
    bind-sdb-chroot-9.11.4-26.P2.amzn2.2.aarch64  
    bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64  
    bind-export-devel-9.11.4-26.P2.amzn2.2.aarch64  
    bind-debuginfo-9.11.4-26.P2.amzn2.2.aarch64  
  
i686:  
    bind-9.11.4-26.P2.amzn2.2.i686  
    bind-pkcs11-9.11.4-26.P2.amzn2.2.i686  
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.2.i686  
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.2.i686  
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.2.i686  
    bind-sdb-9.11.4-26.P2.amzn2.2.i686  
    bind-libs-lite-9.11.4-26.P2.amzn2.2.i686  
    bind-libs-9.11.4-26.P2.amzn2.2.i686  
    bind-utils-9.11.4-26.P2.amzn2.2.i686  
    bind-devel-9.11.4-26.P2.amzn2.2.i686  
    bind-lite-devel-9.11.4-26.P2.amzn2.2.i686  
    bind-chroot-9.11.4-26.P2.amzn2.2.i686  
    bind-sdb-chroot-9.11.4-26.P2.amzn2.2.i686  
    bind-export-libs-9.11.4-26.P2.amzn2.2.i686  
    bind-export-devel-9.11.4-26.P2.amzn2.2.i686  
    bind-debuginfo-9.11.4-26.P2.amzn2.2.i686  
  
noarch:  
    bind-license-9.11.4-26.P2.amzn2.2.noarch  
  
src:  
    bind-9.11.4-26.P2.amzn2.2.src  
  
x86_64:  
    bind-9.11.4-26.P2.amzn2.2.x86_64  
    bind-pkcs11-9.11.4-26.P2.amzn2.2.x86_64  
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.2.x86_64  
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.2.x86_64  
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.2.x86_64  
    bind-sdb-9.11.4-26.P2.amzn2.2.x86_64  
    bind-libs-lite-9.11.4-26.P2.amzn2.2.x86_64  
    bind-libs-9.11.4-26.P2.amzn2.2.x86_64  
    bind-utils-9.11.4-26.P2.amzn2.2.x86_64  
    bind-devel-9.11.4-26.P2.amzn2.2.x86_64  
    bind-lite-devel-9.11.4-26.P2.amzn2.2.x86_64  
    bind-chroot-9.11.4-26.P2.amzn2.2.x86_64  
    bind-sdb-chroot-9.11.4-26.P2.amzn2.2.x86_64  
    bind-export-libs-9.11.4-26.P2.amzn2.2.x86_64  
    bind-export-devel-9.11.4-26.P2.amzn2.2.x86_64  
    bind-debuginfo-9.11.4-26.P2.amzn2.2.x86_64  

Additional References

Red Hat: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624

Mitre: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624