Mageia 2019-0299: bind security update

    Date 23 Oct 2019
    381
    Posted By LinuxSecurity Advisories
    Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) Race condition when discarding malformed packets can cause bind to
    MGASA-2019-0299 - Updated bind packages fix security vulnerabilities
    
    Publication date: 23 Oct 2019
    URL: https://advisories.mageia.org/MGASA-2019-0299.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2018-5743,
         CVE-2019-6471
    
    Updated bind packages fix security vulnerabilities
    
    Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
    
    Race condition when discarding malformed packets can cause bind to
    exit with assertion failure (CVE-2019-6471)
    
    In addition to those two security issues, this package releases also
    fixes two additional issues:
    - a missing conflict tag between old bind and bnew ind-utils subpackages,
      preventing upgrade due to a file conflict
    - missing root.key file, despite this one being refered in default
      configuration
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=24422
    - https://access.redhat.com/errata/RHSA-2019:1294
    - https://access.redhat.com/errata/RHSA-2019:1714
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471
    
    SRPMS:
    - 7/core/bind-9.11.6-1.1.mga7
    

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"2","type":"x","order":"1","pct":40,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"2","type":"x","order":"2","pct":40,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":20,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.