Lucene search

RedHatRHSA-2020:5203

HistoryNov 24, 2020 - 9:50 a.m.

(RHSA-2020:5203) Moderate: bind security update

2020-11-2409:50:37

access.redhat.com

143

bind

domain name system

security fix

assertion failure

update-policy rules

cve-2020-8622

cve-2020-8623

cve-2020-8624

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.024

Percentile

90.1%

JSON

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)
bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)
bind: incorrect enforcement of update-policy rules of type “subdomain” (CVE-2020-8624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64bind-sdb< 9.11.4-9.P2.el7_7.3bind-sdb-9.11.4-9.P2.el7_7.3.ppc64.rpm
RedHat7i686bind-libs< 9.11.4-9.P2.el7_7.3bind-libs-9.11.4-9.P2.el7_7.3.i686.rpm
RedHat7i686bind-lite-devel< 9.11.4-9.P2.el7_7.3bind-lite-devel-9.11.4-9.P2.el7_7.3.i686.rpm
RedHat7ppc64bind-export-libs< 9.11.4-9.P2.el7_7.3bind-export-libs-9.11.4-9.P2.el7_7.3.ppc64.rpm
RedHat7s390xbind-libs< 9.11.4-9.P2.el7_7.3bind-libs-9.11.4-9.P2.el7_7.3.s390x.rpm
RedHat7x86_64bind-export-libs< 9.11.4-9.P2.el7_7.3bind-export-libs-9.11.4-9.P2.el7_7.3.x86_64.rpm
RedHat7x86_64bind-devel< 9.11.4-9.P2.el7_7.3bind-devel-9.11.4-9.P2.el7_7.3.x86_64.rpm
RedHat7s390xbind-sdb< 9.11.4-9.P2.el7_7.3bind-sdb-9.11.4-9.P2.el7_7.3.s390x.rpm
RedHat7x86_64bind-debuginfo< 9.11.4-9.P2.el7_7.3bind-debuginfo-9.11.4-9.P2.el7_7.3.x86_64.rpm
RedHat7ppc64lebind-libs-lite< 9.11.4-9.P2.el7_7.3bind-libs-lite-9.11.4-9.P2.el7_7.3.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	ppc64	bind-sdb	< 9.11.4-9.P2.el7_7.3	bind-sdb-9.11.4-9.P2.el7_7.3.ppc64.rpm
RedHat	7	i686	bind-libs	< 9.11.4-9.P2.el7_7.3	bind-libs-9.11.4-9.P2.el7_7.3.i686.rpm
RedHat	7	i686	bind-lite-devel	< 9.11.4-9.P2.el7_7.3	bind-lite-devel-9.11.4-9.P2.el7_7.3.i686.rpm
RedHat	7	ppc64	bind-export-libs	< 9.11.4-9.P2.el7_7.3	bind-export-libs-9.11.4-9.P2.el7_7.3.ppc64.rpm
RedHat	7	s390x	bind-libs	< 9.11.4-9.P2.el7_7.3	bind-libs-9.11.4-9.P2.el7_7.3.s390x.rpm
RedHat	7	x86_64	bind-export-libs	< 9.11.4-9.P2.el7_7.3	bind-export-libs-9.11.4-9.P2.el7_7.3.x86_64.rpm
RedHat	7	x86_64	bind-devel	< 9.11.4-9.P2.el7_7.3	bind-devel-9.11.4-9.P2.el7_7.3.x86_64.rpm
RedHat	7	s390x	bind-sdb	< 9.11.4-9.P2.el7_7.3	bind-sdb-9.11.4-9.P2.el7_7.3.s390x.rpm
RedHat	7	x86_64	bind-debuginfo	< 9.11.4-9.P2.el7_7.3	bind-debuginfo-9.11.4-9.P2.el7_7.3.x86_64.rpm
RedHat	7	ppc64le	bind-libs-lite	< 9.11.4-9.P2.el7_7.3	bind-libs-lite-9.11.4-9.P2.el7_7.3.ppc64le.rpm