MGASA-2021-0220 - Updated bind packages fix security vulnerabilities
Publication date: 23 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0220.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-25214,
CVE-2021-25215,
CVE-2021-25216
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly(CVE-2021-25214). Mageia 7 version not affected.
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215). This affects both versions.
A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack (CVE-2021-25216). Mageia 7 version not affected.
References:
- https://bugs.mageia.org/show_bug.cgi?id=28873
- https://access.redhat.com/errata/RHSA-2021:1469
- https://kb.isc.org/v1/docs/cve-2021-25214
- https://kb.isc.org/v1/docs/cve-2021-25215
- https://kb.isc.org/v1/docs/cve-2021-25216
- https://www.openwall.com/lists/oss-security/2021/04/29/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216
SRPMS:
- 7/core/bind-9.11.6-1.4.mga7
- 8/core/bind-9.11.31-1.1.mga8
Mageia 2021-0220: bind security update
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly(CVE-2021-25214)
Summary
CVE: CVE-2021-25214,
CVE-2021-25215,
CVE-2021-25216
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly(CVE-2021-25214). Mageia 7 version not affected.
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215). This affects both versions.
A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack (CVE-2021-25216). Mageia 7 version not affected.
Resolution
MGASA-2021-0220 - Updated bind packages fix security vulnerabilities
References
- https://bugs.mageia.org/show_bug.cgi?id=28873
- https://access.redhat.com/errata/RHSA-2021:1469
- https://kb.isc.org/v1/docs/cve-2021-25214
- https://kb.isc.org/v1/docs/cve-2021-25215
- https://kb.isc.org/v1/docs/cve-2021-25216
- https://www.openwall.com/lists/oss-security/2021/04/29/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216
Severity
Issued Date: 23 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0220.html
Type: security
Affected Mageia releases: 7, 8
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
