Lucene search

K
mageiaGentoo FoundationMGASA-2021-0036
HistoryJan 17, 2021 - 7:07 p.m.

Updated bind packages fix security vulnerability

2021-01-1719:07:01
Gentoo Foundation
advisories.mageia.org
8

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.9%

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability (CVE-2020-8622). A flaw was found in bind. Updates to “Update-policy” rules of type “subdomain” are treated as if they were of type “zonesub” which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity (CVE-2020-8624).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchbind< 9.11.6-1.2bind-9.11.6-1.2.mga7

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.9%

Related for MGASA-2021-0036