Mageia 2022-0388: bind security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2022-0388 - Updated bind packages fix security vulnerability

Publication date: 23 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0388.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2795,
     CVE-2022-38177,
     CVE-2022-38178

By flooding the target resolver with queries exploiting this flaw an
attacker can significantly impair the resolver's performance,
effectively denying legitimate clients access to the DNS resolution
service. (CVE-2022-2795)

By spoofing the target resolver with responses that have a malformed ECDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack
of resources. (CVE-2022-38177, CVE-2022-38178)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30877
- https://kb.isc.org/docs/cve-2022-2795
- https://kb.isc.org/docs/cve-2022-38177
- https://kb.isc.org/docs/cve-2022-38178
- https://ubuntu.com/security/notices/USN-5626-1
- https://www.debian.org/lts/security/2022/dla-3138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178

SRPMS:
- 8/core/bind-9.11.37-1.1.mga8

Mageia 2022-0388: bind security update

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to ...

Summary

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795)
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177, CVE-2022-38178)

References

- https://bugs.mageia.org/show_bug.cgi?id=30877

- https://kb.isc.org/docs/cve-2022-2795

- https://kb.isc.org/docs/cve-2022-38177

- https://kb.isc.org/docs/cve-2022-38178

- https://ubuntu.com/security/notices/USN-5626-1

- https://www.debian.org/lts/security/2022/dla-3138

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178

Resolution

MGASA-2022-0388 - Updated bind packages fix security vulnerability

SRPMS

- 8/core/bind-9.11.37-1.1.mga8

Severity
Publication date: 23 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0388.html
Type: security
CVE: CVE-2022-2795, CVE-2022-38177, CVE-2022-38178

Related News

IceFire Ransomware Portends a Broader Shift From Windows to Linux

IceFire Ransomware Now Encrypts Both Linux and Windows Systems

Linux Support Expands Cyber Spy Group's Arsenal

BlackBerry: Cyberattacks Are Being Launched Once Every Minute

News

Advisories

HOWTOs

Features

Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy