AXSA:2021-1277:01

Release date: 
Thursday, January 21, 2021 - 03:11
Subject: 
bind-9.11.20-5.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

The following packages have been upgraded to a later upstream version: bind (9.11.20).

Security Fix(es):

* bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c (CVE-2020-8619)

* bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)

* bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)

* bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-8619
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.
CVE-2020-8622
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
CVE-2020-8623
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
CVE-2020-8624
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. bind-9.11.20-5.el8.src.rpm
    MD5: 6372482ada378c5218da2dd99a09655d
    SHA-256: 62066560debef150e355a4a08bb11e4967b603102df6f35f4d1bfbedab5105af
    Size: 8.07 MB

Asianux Server 8 for x86_64
  1. bind-9.11.20-5.el8.x86_64.rpm
    MD5: 20954ab593b2cbead55960786016ea34
    SHA-256: d068b7f6f07602e667999a990f1e2fbaacc11243bcab9e9c1c9d7876fd6af3ed
    Size: 2.09 MB
  2. bind-chroot-9.11.20-5.el8.x86_64.rpm
    MD5: 94267bff6bf21fcc5fd6bb77fb5e802c
    SHA-256: 32aa4cbde8ba3486a01b751415ce308e066602eb854500dc6f855338da4955ae
    Size: 102.03 kB
  3. bind-devel-9.11.20-5.el8.x86_64.rpm
    MD5: c28dcf607e09204fa274877d6596a441
    SHA-256: 7e3de441fb61b786af2a6cc60e9277964d54fe0718bf313cd5aec3d9dac6b3cc
    Size: 175.06 kB
  4. bind-export-devel-9.11.20-5.el8.x86_64.rpm
    MD5: 512803192f9bd2fe8f0c702ed2a176fc
    SHA-256: 4cfba53268544c60ed15dac35634a5c19c424dbb2125d80720051775832b380e
    Size: 403.55 kB
  5. bind-export-libs-9.11.20-5.el8.x86_64.rpm
    MD5: d35c462c965a2037a291f625b348336c
    SHA-256: 566b18024883c6a7f31197e0cc55c649887a28b1bc1f2229af726b014bc22cc9
    Size: 1.13 MB
  6. bind-libs-9.11.20-5.el8.x86_64.rpm
    MD5: 37a3944c0f1071b9cc0bebecc03402ad
    SHA-256: 928187725ae6824210c3436ed509acb45f99bad3ac9c567cababdc2b23ed4785
    Size: 171.21 kB
  7. bind-libs-lite-9.11.20-5.el8.x86_64.rpm
    MD5: ddf51adc7a52c31a1ba285b62c23fdf8
    SHA-256: 1d3c9b903a05b9ed73e915f7682aeb4b38a6c990106f2d328afe2aff5c9093fa
    Size: 1.17 MB
  8. bind-license-9.11.20-5.el8.noarch.rpm
    MD5: 3793316a51160aa57c376eb5dc033624
    SHA-256: 954e4597d52b248a94fee4a454bb2cc44242265463744931d8864a66d5180a28
    Size: 100.32 kB
  9. bind-lite-devel-9.11.20-5.el8.x86_64.rpm
    MD5: e5b87162cb6dd5f0104cac5346680e56
    SHA-256: 4d59f17c5ec82213b9af20eaf35812ab7a61957c3dff5b97ef480bacea277f32
    Size: 396.68 kB
  10. bind-pkcs11-9.11.20-5.el8.x86_64.rpm
    MD5: 6c55e7bebce2b21465e6434741b9a7df
    SHA-256: 15597393bd43854d59da48ce7bd12643d3d4b42020de4fdd4ce37b633a201e04
    Size: 388.86 kB
  11. bind-pkcs11-devel-9.11.20-5.el8.x86_64.rpm
    MD5: 6b73873e3e2ff7a95c53d0d638c6d383
    SHA-256: c6e6d107894b5f15c87940909b47229e23151a8fd72fabf335fb6b5ff8b89247
    Size: 112.52 kB
  12. bind-pkcs11-libs-9.11.20-5.el8.x86_64.rpm
    MD5: 52b8ff54d3a84881e6aacf8fafe230c1
    SHA-256: 35563c0b53813979de7abd30decc7d2aa3642f7f9e59fb0a503bb260a8cd1ccf
    Size: 1.11 MB
  13. bind-pkcs11-utils-9.11.20-5.el8.x86_64.rpm
    MD5: 7a36410d24c703129db7a4ec3e0bf1fe
    SHA-256: e622c4e08dd7efd6eb372d572158439c4bbd30d61ab563f775bf7772dc1bd299
    Size: 257.60 kB
  14. bind-sdb-9.11.20-5.el8.x86_64.rpm
    MD5: e67ddb0feadee57e393e55ea373f96b7
    SHA-256: 2a552612f468aab0748069da6a2f87e8878f6987b59fcfedd27c014bdd4d73b7
    Size: 449.16 kB
  15. bind-sdb-chroot-9.11.20-5.el8.x86_64.rpm
    MD5: 163371f6cd1df14fccd7bb5a0018a6a4
    SHA-256: f12b3a9a776530100c03ed8814abf8657c6126afb674f0e6f5cc12fcc93a428d
    Size: 102.04 kB
  16. bind-utils-9.11.20-5.el8.x86_64.rpm
    MD5: aa4d860e8a57f78e97fcbfdafd3f1309
    SHA-256: 6fe82f00b43f6efe4934698d4f89b56758daa3e348dcbf087e676db5addcd9bc
    Size: 443.10 kB
  17. python3-bind-9.11.20-5.el8.noarch.rpm
    MD5: f489ce9a3ad1b166c98b4ad07486ecf3
    SHA-256: 20ef415da352a2dee4ce5ad7e095e246d56b3233d16fa189d06490736c434d50
    Size: 147.59 kB
Copyright© 2007-2015 Asianux. All rights reserved.