Lucene search

K
slackwareSlackware Linux ProjectSSA-2018-222-01
HistoryAug 10, 2018 - 11:54 p.m.

[slackware-security] bind

2018-08-1023:54:53
Slackware Linux Project
www.slackware.com
48

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.953 High

EPSS

Percentile

99.3%

New bind packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/bind-9.10.8_P1-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue where named could crash during recursive processing
of DNAME records when “deny-answer-aliases” was in use resulting in a
denial of service. Note that “deny-answer-aliases” is rarely used.
For more information, see:
https://vulners.com/cve/CVE-2018-5740
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.13_P1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.13_P1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.13_P1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.13_P1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.10.8_P1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.10.8_P1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.12.2_P1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.12.2_P1-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
041023d947ffece54b22634cbabb5d77 bind-9.9.13_P1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
839e62957c64dbe7f097bf0302a8a98a bind-9.9.13_P1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
f2e87f277c20dff52c4ca5eb3c0adaf2 bind-9.9.13_P1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
445bb300b26defe48cb98672fc0d53c8 bind-9.9.13_P1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
cb9b284b798d1c8c7db695c2ecb8c1bc bind-9.10.8_P1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
797e5dccded1bb72ceaede860cd79e82 bind-9.10.8_P1-x86_64-1_slack14.2.txz

Slackware -current package:
6729dbb467b44ed934ca4c03ddfbbc78 n/bind-9.12.2_P1-i586-1.txz

Slackware x86_64 -current package:
56bc799888ee94f1eadb43737a04fb75 n/bind-9.12.2_P1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg bind-9.10.8_P1-i586-1_slack14.2.txz

Then, restart the name server:

> /etc/rc.d/rc.bind restart

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.953 High

EPSS

Percentile

99.3%

Related for SSA-2018-222-01