- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2355-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
August 29, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : bind9
Version : 1:9.10.3.dfsg.P4-12.3+deb9u7
CVE ID : CVE-2020-8622 CVE-2020-8623
Two issues have been found in bind9, an Internet Domain Name Server.
CVE-2020-8622
Crafted responses to TSIG-signed requests could lead to an assertion
failure, causing the server to exit. This could be done by malicious
server operators or guessing attackers.
CVE-2020-8623
An assertions failure, causing the server to exit, can be exploited
by a query for an RSA signed zone.
For Debian 9 stretch, these problems have been fixed in version
1:9.10.3.dfsg.P4-12.3+deb9u7.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Debian LTS: DLA-2355-1: bind9 security update
August 29, 2020
Two issues have been found in bind9, an Internet Domain Name Server
Summary
Two issues have been found in bind9, an Internet Domain Name Server.
CVE-2020-8622
Crafted responses to TSIG-signed requests could lead to an assertion
failure, causing the server to exit. This could be done by malicious
server operators or guessing attackers.
CVE-2020-8623
An assertions failure, causing the server to exit, can be exploited
by a query for an RSA signed zone.
For Debian 9 stretch, these problems have been fixed in version
1:9.10.3.dfsg.P4-12.3+deb9u7.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package : bind9
Version : 1:9.10.3.dfsg.P4-12.3+deb9u7
CVE ID : CVE-2020-8622 CVE-2020-8623
News
HOWTOs
About Us
Powered By
