[SECURITY] [DLA 2955-1] bind9 security update

2022-03-1823:04:32

lists.debian.org

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

Debian LTS Advisory DLA-2955-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
March 18, 2022 https://wiki.debian.org/LTS

Package : bind9
Version : 1:9.10.3.dfsg.P4-12.3+deb9u11
CVE ID : CVE-2021-25220

It was found that bind9, an internet domain name server, was vulnerable to
cache poisoning. When using forwarders, bogus NS records supplied by, or via,
those forwarders may be cached and used by named if it needs to recurse for any
reason, causing it to obtain and pass on potentially incorrect answers.

For Debian 9 stretch, this problem has been fixed in version
1:9.10.3.dfsg.P4-12.3+deb9u11.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian11mips64elbind9-utils< 1:9.16.27-1~deb11u1bind9-utils_1:9.16.27-1~deb11u1_mips64el.deb
Debian10amd64libisc-export1100-udeb< 1:9.11.5.P4+dfsg-5.1+deb10u7libisc-export1100-udeb_1:9.11.5.P4+dfsg-5.1+deb10u7_amd64.deb
Debian9amd64libisccfg140< 1:9.10.3.dfsg.P4-12.3+deb9u11libisccfg140_1:9.10.3.dfsg.P4-12.3+deb9u11_amd64.deb
Debian11mipselbind9-dev< 1:9.16.27-1~deb11u1bind9-dev_1:9.16.27-1~deb11u1_mipsel.deb
Debian10mips64ellibdns-export1104-udeb< 1:9.11.5.P4+dfsg-5.1+deb10u7libdns-export1104-udeb_1:9.11.5.P4+dfsg-5.1+deb10u7_mips64el.deb
Debian10arm64dnsutils< 1:9.11.5.P4+dfsg-5.1+deb10u7dnsutils_1:9.11.5.P4+dfsg-5.1+deb10u7_arm64.deb
Debian10mipsliblwres161-dbgsym< 1:9.11.5.P4+dfsg-5.1+deb10u7liblwres161-dbgsym_1:9.11.5.P4+dfsg-5.1+deb10u7_mips.deb
Debian10mipselbind9-dbgsym< 1:9.11.5.P4+dfsg-5.1+deb10u7bind9-dbgsym_1:9.11.5.P4+dfsg-5.1+deb10u7_mipsel.deb
Debian10mipsellibdns-export1104-udeb< 1:9.11.5.P4+dfsg-5.1+deb10u7libdns-export1104-udeb_1:9.11.5.P4+dfsg-5.1+deb10u7_mipsel.deb
Debian11amd64bind9-dnsutils< 1:9.16.27-1~deb11u1bind9-dnsutils_1:9.16.27-1~deb11u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	mips64el	bind9-utils	< 1:9.16.27-1~deb11u1	bind9-utils_1:9.16.27-1~deb11u1_mips64el.deb
Debian	10	amd64	libisc-export1100-udeb	< 1:9.11.5.P4+dfsg-5.1+deb10u7	libisc-export1100-udeb_1:9.11.5.P4+dfsg-5.1+deb10u7_amd64.deb
Debian	9	amd64	libisccfg140	< 1:9.10.3.dfsg.P4-12.3+deb9u11	libisccfg140_1:9.10.3.dfsg.P4-12.3+deb9u11_amd64.deb
Debian	11	mipsel	bind9-dev	< 1:9.16.27-1~deb11u1	bind9-dev_1:9.16.27-1~deb11u1_mipsel.deb
Debian	10	mips64el	libdns-export1104-udeb	< 1:9.11.5.P4+dfsg-5.1+deb10u7	libdns-export1104-udeb_1:9.11.5.P4+dfsg-5.1+deb10u7_mips64el.deb
Debian	10	arm64	dnsutils	< 1:9.11.5.P4+dfsg-5.1+deb10u7	dnsutils_1:9.11.5.P4+dfsg-5.1+deb10u7_arm64.deb
Debian	10	mips	liblwres161-dbgsym	< 1:9.11.5.P4+dfsg-5.1+deb10u7	liblwres161-dbgsym_1:9.11.5.P4+dfsg-5.1+deb10u7_mips.deb
Debian	10	mipsel	bind9-dbgsym	< 1:9.11.5.P4+dfsg-5.1+deb10u7	bind9-dbgsym_1:9.11.5.P4+dfsg-5.1+deb10u7_mipsel.deb
Debian	10	mipsel	libdns-export1104-udeb	< 1:9.11.5.P4+dfsg-5.1+deb10u7	libdns-export1104-udeb_1:9.11.5.P4+dfsg-5.1+deb10u7_mipsel.deb
Debian	11	amd64	bind9-dnsutils	< 1:9.16.27-1~deb11u1	bind9-dnsutils_1:9.16.27-1~deb11u1_amd64.deb