Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux 15-SP4: 2022:3767-1 Important: Bind Performance Issues

suse
Calendar Grey October 26, 2022
Dist Suse Esm H88
SUSE releases patches for bind to resolve critical vulnerabilities and enhance security through necessary updates tackling various weaknesses.
An update that solves four vulnerabilities, contains one feature and has two fixes is now available

Summary

This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). - Add systemd drop-in directory for named service (bsc#1201689).

Topics%20covered

Topics Covered

security advisory bind important memory leak SUSE Linux DNSSEC performance issue

References

#1201689 #1203250 #1203614 #1203618 #1203619

#1203620 SLE-24600

Cross- CVE-2022-2795 CVE-2022-3080 CVE-2022-38177

CVE-2022-38178

CVSS scores:

CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-3080 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-3080 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3767-1
Rating: important

Topics%20covered

Topics Covered

security advisory bind important memory leak SUSE Linux DNSSEC performance issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here