author | Lev Lamberov <dogsleg@debian.org> | 2020-05-20 09:40:34 +0500 |
---|---|---|
committer | Lev Lamberov <dogsleg@debian.org> | 2020-05-20 09:40:34 +0500 |
commit | 139ced0522f792565594fd4bc65bf27ae29bd20d (patch) | |
tree | a9ef287c9f60e2d85105c6c26ddbd41b59c11539 /english | |
parent | e1f2faa7586d93bcc8b80311dd121544b49b388f (diff) |
[SECURITY] [DSA 4689-1] bind9 security update
Diffstat (limited to 'english')
-rw-r--r-- | english/security/2020/dsa-4689.data | 13 | ||||
-rw-r--r-- | english/security/2020/dsa-4689.wml | 45 |
2 files changed, 58 insertions, 0 deletions
diff --git a/english/security/2020/dsa-4689.data b/english/security/2020/dsa-4689.data new file mode 100644 index 00000000000..99e842ac06d --- /dev/null +++ b/english/security/2020/dsa-4689.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-4689-1 bind9</define-tag> +<define-tag report_date>2020-5-19</define-tag> +<define-tag secrefs>CVE-2019-6477 CVE-2020-8616 CVE-2020-8617 Bug#945171</define-tag> +<define-tag packages>bind9</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2020/dsa-4689.wml b/english/security/2020/dsa-4689.wml new file mode 100644 index 00000000000..ba68834af96 --- /dev/null +++ b/english/security/2020/dsa-4689.wml 
@@ -0,0 +1,45 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Several vulnerabilities were discovered in BIND, a DNS server +implementation.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-6477">CVE-2019-6477</a> + + <p>It was discovered that TCP-pipelined queries can bypass tcp-client + limits resulting in denial of service.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-8616">CVE-2020-8616</a> + + <p>It was discovered that BIND does not sufficiently limit the number + of fetches performed when processing referrals. An attacker can take + advantage of this flaw to cause a denial of service (performance + degradation) or use the recursing server in a reflection attack with + a high amplification factor.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-8617">CVE-2020-8617</a> + + <p>It was discovered that a logic error in the code which checks TSIG + validity can be used to trigger an assertion failure, resulting in + denial of service.</p></li> + +</ul> + +<p>For the oldstable distribution (stretch), these problems have been fixed +in version 1:9.10.3.dfsg.P4-12.3+deb9u6.</p> + +<p>For the stable distribution (buster), these problems have been fixed in +version 1:9.11.5.P4+dfsg-5.1+deb10u1.</p> + +<p>We recommend that you upgrade your bind9 packages.</p> + +<p>For the detailed security status of bind9 please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/bind9">\ +https://security-tracker.debian.org/tracker/bind9</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4689.data" +# $Id: $ |
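Review bot: english/security/2020/dsa-4689.data ends with a bare `</dl>` that has no opening `<dl>` anywhere in its 13 added lines. If the element is opened by the `wml::debian::security` template pulled in by the `#use` line, a one-line comment above the closing tag saying so would keep a later editor from deleting it as a stray tag. Separately, `secrefs` lists `Bug#945171` next to the three CVE ids, but nothing in this commit says which of the issues that bug report tracks; noting that in the commit message would help anyone cross-checking the tracker.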
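Review bot: In english/security/2020/dsa-4689.wml the CVE-2019-6477 and CVE-2020-8617 items state the outcome (denial of service) but, unlike the CVE-2020-8616 item, which names "an attacker", they do not say who is in a position to trigger the condition. Wording all three items the same way would let an administrator judge exposure from the advisory text alone. As a minor style point, the last added line `# $Id: $` is an unexpanded keyword placeholder; if nothing in the build expands it, it can be dropped from new files.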