Gentoo FoundationMGASA-2019-0299Updated bind packages fix security vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
61.0%
Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471) In addition to those two security issues, this package releases also fixes two additional issues: - a missing conflict tag between old bind and bnew ind-utils subpackages, preventing upgrade due to a file conflict - missing root.key file, despite this one being refered in default configuration
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | bind | <Â 9.11.6-1.1 | bind-9.11.6-1.1.mga7 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
61.0%