openSUSE Leap 15.2: 2020:2222-1 Moderate: nsd Buffer Overflow

December 10, 2020
openSUSE has released an update for nsd addressing two vulnerabilities categorized as moderate risk, with guidelines provided for patch deployment.
An update that fixes two vulnerabilities is now available.

Description

This update for nsd fixes the following issues:

nsd was updated to the new upstream release 4.3.4

FEATURES:

- Merge PR #141: ZONEMD RR type.

BUG FIXES:

- Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935)
- Fix #128: Fix that the invalid port number is logged for sendmmsg failed: Invalid argument.
- Fix #133: fix 0-init of local (stack) buffer.
- Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.
- Fix to add missing closest encloser NSEC3 for wildcard nodata type DS answer.
- Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
- Fix #142: NODATA answers missing SOA in authority section after CNAME chain.

New upstream release 4.3.3:

FEATURES:

- Follow DNS flag day 2020 advice and set default EDNS message size to 1232.
- Merged PR #113 with fixes. Instead of listing an IP-address to listen on, an interface name...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
      zypper in -t patch openSUSE-2020-2222=1
- openSUSE Leap 15.1:
      zypper in -t patch openSUSE-2020-2222=1
- openSUSE Backports SLE-15-SP2:
      zypper in -t patch openSUSE-2020-2222=1
- openSUSE Backports SLE-15-SP1:
      zypper in -t patch openSUSE-2020-2222=1
- SUSE Package Hub for SUSE Linux Enterprise 12:
      zypper in -t patch openSUSE-2020-2222=1

Package List

- openSUSE Leap 15.2 (x86_64):
      nsd-4.3.4-lp152.2.3.1
      nsd-debuginfo-4.3.4-lp152.2.3.1
      nsd-debugsource-4.3.4-lp152.2.3.1
- openSUSE Leap 15.1 (x86_64):
      nsd-4.1.27-lp151.2.3.1
      nsd-debuginfo-4.1.27-lp151.2.3.1
      nsd-debugsource-4.1.27-lp151.2.3.1
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
      nsd-4.3.4-bp152.2.3.1
      nsd-debuginfo-4.3.4-bp152.2.3.1
      nsd-debugsource-4.3.4-bp152.2.3.1
- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
      nsd-4.1.27-bp151.3.3.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
      nsd-4.3.4-8.1
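
To confirm the patch landed, the installed nsd build can be compared with the fixed build from the Package List above. The following is an added example, not part of the openSUSE advisory: the short product keys (leap15.2, bp-sle15sp2, ...) and the function names are labels chosen here, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: check an installed nsd build against the fixed build
# listed in this advisory's Package List.

# Fixed version-release per product, copied from the Package List.
# The product keys are labels chosen for this example (assumption).
fixed_nsd_build() {
    case "$1" in
        leap15.2)    echo "4.3.4-lp152.2.3.1" ;;
        leap15.1)    echo "4.1.27-lp151.2.3.1" ;;
        bp-sle15sp2) echo "4.3.4-bp152.2.3.1" ;;
        bp-sle15sp1) echo "4.1.27-bp151.3.3.1" ;;
        hub-sle12)   echo "4.3.4-8.1" ;;
        *)           return 1 ;;
    esac
}

# Return 0 if installed >= fixed. sort -V orders numeric fields
# numerically (4.1.9 < 4.1.27), which a plain string compare gets wrong.
build_at_least() {
    installed=$1
    fixed=$2
    lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n 1)
    [ "$lowest" = "$fixed" ]
}

# Print PATCHED, NEEDS_UPDATE or UNKNOWN for a product key and build.
# Exit status: 0 patched, 1 below the fixed build, 2 unknown product.
nsd_patch_status() {
    product=$1
    installed=$2
    fixed=$(fixed_nsd_build "$product") || { echo "UNKNOWN"; return 2; }
    if build_at_least "$installed" "$fixed"; then
        echo "PATCHED"
    else
        echo "NEEDS_UPDATE"
        return 1
    fi
}

# On a host with rpm available:
#   nsd_patch_status leap15.2 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' nsd)"
```
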

References

https://www.suse.com/security/cve/CVE-2019-13207.html

https://www.suse.com/security/cve/CVE-2020-28935.html

https://bugzilla.suse.com/1157331

https://bugzilla.suse.com/1179191

Announcement ID: openSUSE-SU-2020:2222-1
Rating: moderate
Affected Products: openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Backports SLE-15-SP2, openSUSE Backports SLE-15-SP1, SUSE Package Hub for SUSE Linux Enterprise 12