SUSE: 2020:2914-1 Moderate: Bind Security Update Overview
suse
October 13, 2020
An update that solves 12 vulnerabilities, contains one feature and has 8 fixes is now available
Summary
This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051).
References
#1100369 #1109160 #1118367 #1118368 #1128220
#1156205 #1157051 #1161168 #1170667 #1170713
#1171313 #1171740 #1172958 #1173307 #1173311
#1173983 #1175443 #1176092 #1176674 #906079
ECO-1402
Cross- CVE-2017-3136 CVE-2018-5741 CVE-2019-6477
CVE-2020-8616 CVE-2020-8617 CVE-2020-8618
CVE-2020-8619 CVE-2020-8620 CVE-2020-8621
CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux...
Read the Full Advisory
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!