[slackware-security] bind
New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.33-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix memory leak in EdDSA verify...
USN-5626-2 bind9 vulnerabilities
USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker...
CVE-2022-38178
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
CVE-2022-38177
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...
CVE-2022-3080
A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named...
CVE-2022-2795
A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...
CVE-2022-2881
A flaw was found in the Bind package. When an HTTP connection was reused to request statistics from the stats channel, the content length of successive responses could grow in size past the end of the allocated buffer, affecting the availability...
CVE-2022-2906
A flaw was found in the Bind package, where a flaw in ‘named’ can cause a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. This flaw allows an attacker to gradually erode available memory to the point where ‘named’ crashes d...
AZL-10999 CVE-2022-2795 affecting package bind for versions less than 9.16.33-1
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...
AZL-11000 CVE-2022-3080 affecting package bind for versions less than 9.16.33-1
By sending specific queries to the resolver, an attacker can cause named to crash...
AZL-11002 CVE-2022-38178 affecting package bind for versions less than 9.16.33-1
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
AZL-11001 CVE-2022-38177 affecting package bind for versions less than 9.16.33-1
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
CVE-2022-3080 BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
By sending specific queries to the resolver, an attacker can cause named to crash...
ISC BIND Injection Vulnerability
ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND versions prior to 9.16.33, 9.18.x prior to 9.18.7, and 9.19.x prior to 9.19.5, which stems from the fact that when stale caching and stale answers are...
ISC BIND Data Forgery Vulnerability
ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in BIND that originates from spoofing the target resolver with responses that carry a malformed EdDSA signature, causing a crash due to insufficient memory resources. The...
ISC BIND Buffer Error Vulnerability
ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. ISC BIND suffers from a buffer overflow vulnerability that originates when reusing an HTTP connection to request statistics from the stats channel, where the length of the contents of...
Vulnerabilities fixed in BIND
ISC has fixed several vulnerabilities in BIND. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. ISC has released updates to fix the vulnerabilities in BIND. For more information, see: https://kb.isc.org/docs/cve-2022-2795...
ISC BIND Security Vulnerability
ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND versions 9.18.x prior to 9.18.7 and 9.19.x prior to 9.19.5, which stems from changes between OpenSSL 1.x and OpenSSL 3.0 that expose a flaw in named, which c...
Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2022-264-01)
The version of bind installed on the remote host is prior to 9.16.33 / 9.18.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-264-01 advisory. - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the...