bind security update

2019-02-0123:13:12

CentOS Project

lists.centos.org

404

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.5%

JSON

CentOS Errata and Security Advisory CESA-2019:0194

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2019-February/085344.html

Affected packages:
bind
bind-chroot
bind-devel
bind-libs
bind-libs-lite
bind-license
bind-lite-devel
bind-pkcs11
bind-pkcs11-devel
bind-pkcs11-libs
bind-pkcs11-utils
bind-sdb
bind-sdb-chroot
bind-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:0194

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64bind< 9.9.4-73.el7_6bind-9.9.4-73.el7_6.x86_64.rpm
CentOS7x86_64bind-chroot< 9.9.4-73.el7_6bind-chroot-9.9.4-73.el7_6.x86_64.rpm
CentOS7i686bind-devel< 9.9.4-73.el7_6bind-devel-9.9.4-73.el7_6.i686.rpm
CentOS7x86_64bind-devel< 9.9.4-73.el7_6bind-devel-9.9.4-73.el7_6.x86_64.rpm
CentOS7i686bind-libs< 9.9.4-73.el7_6bind-libs-9.9.4-73.el7_6.i686.rpm
CentOS7x86_64bind-libs< 9.9.4-73.el7_6bind-libs-9.9.4-73.el7_6.x86_64.rpm
CentOS7i686bind-libs-lite< 9.9.4-73.el7_6bind-libs-lite-9.9.4-73.el7_6.i686.rpm
CentOS7x86_64bind-libs-lite< 9.9.4-73.el7_6bind-libs-lite-9.9.4-73.el7_6.x86_64.rpm
CentOS7noarchbind-license< 9.9.4-73.el7_6bind-license-9.9.4-73.el7_6.noarch.rpm
CentOS7i686bind-lite-devel< 9.9.4-73.el7_6bind-lite-devel-9.9.4-73.el7_6.i686.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	bind	< 9.9.4-73.el7_6	bind-9.9.4-73.el7_6.x86_64.rpm
CentOS	7	x86_64	bind-chroot	< 9.9.4-73.el7_6	bind-chroot-9.9.4-73.el7_6.x86_64.rpm
CentOS	7	i686	bind-devel	< 9.9.4-73.el7_6	bind-devel-9.9.4-73.el7_6.i686.rpm
CentOS	7	x86_64	bind-devel	< 9.9.4-73.el7_6	bind-devel-9.9.4-73.el7_6.x86_64.rpm
CentOS	7	i686	bind-libs	< 9.9.4-73.el7_6	bind-libs-9.9.4-73.el7_6.i686.rpm
CentOS	7	x86_64	bind-libs	< 9.9.4-73.el7_6	bind-libs-9.9.4-73.el7_6.x86_64.rpm
CentOS	7	i686	bind-libs-lite	< 9.9.4-73.el7_6	bind-libs-lite-9.9.4-73.el7_6.i686.rpm
CentOS	7	x86_64	bind-libs-lite	< 9.9.4-73.el7_6	bind-libs-lite-9.9.4-73.el7_6.x86_64.rpm
CentOS	7	noarch	bind-license	< 9.9.4-73.el7_6	bind-license-9.9.4-73.el7_6.noarch.rpm
CentOS	7	i686	bind-lite-devel	< 9.9.4-73.el7_6	bind-lite-devel-9.9.4-73.el7_6.i686.rpm