Gentoo FoundationMGASA-2021-0220Updated bind packages fix security vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.336 Low
EPSS
Percentile
97.0%
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly(CVE-2021-25214). Mageia 7 version not affected. An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215). This affects both versions. A second vulnerability in BIND’s GSSAPI security policy negotiation can be targeted by a buffer overflow attack (CVE-2021-25216). Mageia 7 version not affected.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | bind | < 9.11.6-1.4 | bind-9.11.6-1.4.mga7 |
| Mageia | 8 | noarch | bind | < 9.11.31-1.1 | bind-9.11.31-1.1.mga8 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.336 Low
EPSS
Percentile
97.0%