Mageia 2021-0560: bind security update | LinuxSecurity.com

Advisories

MGASA-2021-0560 - Updated bind packages fix security vulnerability

Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0560.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-25219

Updated bind packages fix security vulnerability:

Kishore Kumar Kothapalli discovered that the lame server cache in BIND,
a DNS server implementation, can be abused by an attacker to significantly
degrade resolver performance, resulting in denial of service (large delays
for responses for client queries and DNS timeouts on client hosts)
(CVE-2021-25219).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29427
- https://kb.isc.org/docs/cve-2021-25219
- https://www.debian.org/security/2021/dsa-4994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219

SRPMS:
- 8/core/bind-9.11.36-1.1.mga8

Mageia 2021-0560: bind security update

Summary

Updated bind packages fix security vulnerability:
Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service (large delays for responses for client queries and DNS timeouts on client hosts) (CVE-2021-25219).

References

- https://bugs.mageia.org/show_bug.cgi?id=29427

- https://kb.isc.org/docs/cve-2021-25219

- https://www.debian.org/security/2021/dsa-4994

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219

Resolution

MGASA-2021-0560 - Updated bind packages fix security vulnerability

SRPMS

- 8/core/bind-9.11.36-1.1.mga8

Severity
Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0560.html
Type: security
CVE: CVE-2021-25219

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.