MGASA-2021-0110 - Updated bind packages fix security vulnerability

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0110.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-8625

A buffer overflow vulnerability was discovered in the SPNEGO implementation
affecting the GSSAPI security policy negotiation in BIND, which could result in
denial of service (daemon crash), or potentially the execution of arbitrary
code (CVE-2020-8625).

The default configuration is not vulnerable to this issue, but it is if the
tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options are set.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28394
- https://kb.isc.org/docs/cve-2020-8625
- https://www.debian.org/security/2021/dsa-4857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625

SRPMS:
- 7/core/bind-9.11.6-1.3.mga7
- 8/core/bind-9.11.27-1.1.mga8