44 matches found
[slackware-security] bind
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.20-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: It was possible to trigger an INSIST in...
MGASA-2020-0259 Updated bind packages fix security vulnerability
Updated bind packages fix security vulnerabilities: It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service CVE-2019-6477. Lior Shafir, Yehuda Afek, and Anat...
EulerOS 2.0 SP5 : bind (EulerOS-SA-2019-2128)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 'managed-keys' is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for us...
NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0063)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a vulnerability: - RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been...
MGASA-2018-0353 Updated bind packages fix security vulnerability
Updated bind packages fix security vulnerability: In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named...
MGASA-2018-0092 Updated bind packages fix security vulnerability
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named CVE-2017-3145...
MGASA-2017-0478 Updated bind packages fix security vulnerability
It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-9131. It was discovered that Bind incorrectly handled certain malformed responses to an AN...
MGASA-2016-0365 Updated bind packages fix security vulnerability
Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service CVE-2016-8864...
MGASA-2015-0481 Updated bind packages fix security vulnerability
An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible...
CentOS 6 / 7 : bind (CESA-2015:1705)
"Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
MGASA-2015-0341 Updated bind packages fix security vulnerabilities
Updated bind packages fix security vulnerability: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from ...
CentOS 6 / 7 : bind (CESA-2015:1513)
"Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
[slackware-security] bind
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/bind-9.9.7P2-i486-1slack14.1.txz: Upgraded. This update fixes a security issue where an error in the handling...
CentOS 6 / 7 : bind (CESA-2015:0672)
"Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Updated bind packages fix CVE-2015-1349
Updated bind packages fix security vulnerability: Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects...
MGASA-2014-0524 Updated bind packages fix CVE-2014-8500
Updated bind packages fix security vulnerability: By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the...
Oracle Linux 5 / 6 : bind (ELSA-2011-1458)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1458 advisory. - update to 9.7.3-P3 CVE-2011-2464 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries
a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere...
VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console
a. VMware vSphere API denial of service vulnerability The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities o...
bind 10.2/11.0 recompile
Updated bind packages are available for Slackware 10.2 and 11.0 to address a load problem. It was reported that the initial build of these updates complained that the Linux capability module was not present and would refuse to load. It was determined that the packages which were compiled on 10.2...