Oracle Linux 7 : bind (ELSA-2022-6765)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6765 advisory. - Fix memory leak in ECDSA verify processing CVE-2022-38177 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

SUSE SLES12: bind / bind-chrootenv / bind-doc / bind-libs / bind-libs-32bit / etc (SUSE-SU-2022:3500-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3500-1 advisory. - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations bsc1203614. -...

Scientific Linux Security Update : bind on SL7.x i686/x86_64 (2022:6765)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:6765-1 advisory. - bind: memory leak in ECDSA DNSSEC verification code CVE-2022-38177 - bind: memory leaks in EdDSA DNSSEC verification code CVE-2022-38178 Note...

RHEL 8 : bind (RHSA-2022:6780)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6780 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

RHEL 8 : bind9.16 (RHSA-2022:6781)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6781 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

Oracle Linux 9 : bind (ELSA-2022-6763)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6763 advisory. - Fix possible serve-stale related crash CVE-2022-3080 - Fix memory leak in ECDSA verify processing CVE-2022-38177 Tenable has extracted the preceding...

RHEL 8 : bind (RHSA-2022:6779)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6779 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

Oracle Linux 8 : bind (ELSA-2022-6778)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6778 advisory. - Fix memory leak in ECDSA verify processing CVE-2022-38177 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

SUSE: Security Advisory (SUSE-SU-2022:3499-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:3500-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

bind: memory leak in ECDSA DNSSEC verification code

A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

bind: memory leak in ECDSA DNSSEC verification code

A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...

bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly

A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named...

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

bind: memory leak in ECDSA DNSSEC verification code

A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...