Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
199
security advisorysoftware updateupdate informationCentOS 7 CESA-2021-3325 Moderate: Bind Package Update Overview
Upstream details at : https://access.redhat.com/errata/RHSA-2021:3325. CentOS Errata and Security Advisory 2021:3325 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2021:3325 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 7200ad28455e7f8044a9521a187ff712e7d782e9a38db84d1c18e9b54e7a9a28 bind-9.11.4-26.P2.el7_9.7.x86_64.rpm ae6ecf30bc0a1b8e2c0c2d8702e3eaf7db4864987e02a301446311ff1594d050 bind-chroot-9.11.4-26.P2.el7_9.7.x86_64.rpm dfe4993ac8d4d097c4e5e97fc006d27039a6a3d4cc79f87f4d56c9e79afd3a86 bind-devel-9.11.4-26.P2.el7_9.7.i686.rpm 337b3b492087333d675bf644cd7cab27fad998fd2eb5f3f1064b766e5fbf85c1 bind-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm 620e6945f7639eacc1508005775c37d66e64ae3f5ec915e87d132a17a45d3999 bind-export-devel-9.11.4-26.P2.el7_9.7.i686.rpm ddbc53b44a7ec6dd175840df4ba96e8440a167aca06195e38f9ce8e768f82f30 bind-export-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm d1270ff691bc97bc9a737c8556081408a04f2a325ffb0db2fb561a7add15d0e6 bind-export-libs-9.11.4-26.P2.el7_9.7.i686.rpm 5af6b82a47585513d5a6a8ccc974d524ebc2a67fba642652aa75b566045b004c bind-export-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm fc93fa73ee589349b26030b1fd56173975859786d624ddeaf826606e99c8b4f3 bind-libs-9.11.4-26.P2.el7_9.7.i686.rpm 2c72fd0a8014e13440ebde0c0ae037cea29cc8aa567b3723619486dc2040f9e5 bind-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm 23886775cbbf0f0b980d7e700a1fa3cce9ae8149522a191554e770fe0acf1813 bind-libs-lite-9.11.4-26.P2.el7_9.7.i686.rpm f9e741d7af4fbcb102cf759697c858701bf8839ced08a5f62c9415ac5de9dda3 bind-libs-lite-9.11.4-26.P2.el7_9.7.x86_64.rpm 417df6c01f4373a219da10ea1df04e2565b5b27e4710818aa6718065c174f25f bind-license-9.11.4-26.P2.el7_9.7.noarch.rpm f0c0b3f210497c3d560f42df97307f09afe0cd687c2e08ebc1cb7b03e28b8319 bind-lite-devel-9.11.4-26.P2.el7_9.7.i686.rpm 9744361dc7129978289b5a40fcacd9f52369b57774ec2256bc3c078d4d6e8f03 bind-lite-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm 4d2dbd65fa67b8c23648a188f830340cc1da72b5dbc71795229022de0ff9720d bind-pkcs11-9.11.4-26.P2.el7_9.7.x86_64.rpm d4718c0bcf9365bfcd07e9c307952a12ae32802cbc6bde5707222c30c90cbb85 bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.i686.rpm 5ca5234e59243cc5ced75e11bc9ad434a82d86c5fa5eab71a130bd3c3ae49334 bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm 3d4d0d965fc073d950dd63507c1b1287648ef59c103d02cf09891c04bd99e930 bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.i686.rpm 32f0185e8d6a9ab586922827519f1f38fb921fcaff260385904d3e61dd029d44 bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm f7789c32ac34827df4b6c180e845361bb70aa1fcbc165a6c2a533559f2bc3f76 bind-pkcs11-utils-9.11.4-26.P2.el7_9.7.x86_64.rpm ca5ee1ff2a858d3eaf6bbed3a7c0421519183d99018689b9d2bfb4f8b2bdb122 bind-sdb-9.11.4-26.P2.el7_9.7.x86_64.rpm 850be6d438290af4b3c31805a40c2f8a88e4e751bafa1bb02b6b884736f80ef2 bind-sdb-chroot-9.11.4-26.P2.el7_9.7.x86_64.rpm 0834c02bc349eaabe64a4015d07ee7cbcf7776a68766e81cd93be0a58c7d5465 bind-utils-9.11.4-26.P2.el7_9.7.x86_64.rpm Source: e3a2f06f743ffed5ef8e29fc9cd18fbf075c9e6fac1f47cceac97e15598c3cbb bind-9.11.4-26.P2.el7_9.7.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Sep 01, 2021
CentOS
198
security advisorydenial of serviceupdateArch Linux: 201805-20 Medium Severity Bind DoS Attack Risk
The package bind before version 9.12.1.P2-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-201805-20 ========================================= Severity: Medium Date : 2018-05-20 CVE-ID : CVE-2018-5736 CVE-2018-5737 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-706 Summary ====== The package bind before version 9.12.1.P2-1 is vulnerable to denial of service. Resolution ========= Upgrade to 9.12.1.P2-1. # pacman -Syu "bind> =9.12.1.P2-1" The problems have been fixed upstream in version 9.12.1.P2. Workaround ========= - CVE-2018-5736 For servers which must receive notifies to keep slave zone contents current, no complete workarounds are known although restricting BIND to only accept NOTIFY messages from authorised sources can greatly mitigate the risk of attack. - CVE-2018-5737 Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.) Description ========== - CVE-2018-5736 (denial of service) An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. - CVE-2018-5737 (denial of service) A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale- answer-enable is off. Impact ===== A remote attacker is able to cause a denial of service via crafted queries. References ========= https://marc.info/ https://security.archlinux.org/CVE-2018-5736 https://security.archlinux.org/CVE-2018-5737 . The Arch Linux Security Advisory ASA-202305-15 outlines a critical risk associated with OpenSSH's high severity remote exploitation issue.. bind package update, denial of service fix, Arch Linux advisory. . Severity: Medium. LinuxSecurity.com Team
May 24, 2018
•Medium
ArchLinux
198
security advisorydenial of servicehigh severityArch Linux: 2016-09-29 Critical Bind Denial of Service Advisory
The package bind before version 9.10.4.P3-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-201609-29 ========================================= Severity: High Date : 2016-09-27 CVE-ID : CVE-2016-2776 Package : bind Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package bind before version 9.10.4.P3-1 is vulnerable to denial of service. Resolution ========= Upgrade to 9.10.4.P3-1. # pacman -Syu "bind> =9.10.4.P3-1" The problem has been fixed upstream in version 9.10.4.P3. Workaround ========= None. Description ========== Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause 'named' to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries (i.e. doesn't match 'allow-query'). Impact ===== A remote attacker is able to perform a denial of service attack via a specially crafted request. References ========= https://access.redhat.com/security/cve/CVE-2016-2776 . Fedora security notice for openssh package emphasizes a critical vulnerability that could allow remote exploitation with suggested fixes.. Arch Linux, Bind Package, Denial of Service, Software Upgrade, High Severity. . LinuxSecurity.com Team
Sep 27, 2016
ArchLinux
99
security advisorycritical issueOpenSSLSlackware 14.1: 2015-354-01 Urgent OpenSSL Package Security Notification
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2015-349-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz: Upgraded. This update fixes three security issues: Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193. Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) Address fetch context reference count handling error on socket error. (CVE-2015-8461) For more information, see: https://www.cve.org/CVERecord?id=CVE-2015-3193 https://www.cve.org/CVERecord?id=CVE-2015-8000 https://www.cve.org/CVERecord?id=CVE-2015-8461 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: Updated package for Slackware x86_64 13.0: Updated package for Slackware 13.1: Updated package for Slackware x86_64 13.1: Updated package for Slackware 13.37: Updated package for Slackware x86_64 13.37: Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: ef466df7b5c30de3b1823ae2ef7c0820 bind-9.9.8_P2-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 4d6fd1a921302be279fb00b8f3c5209f bind-9.9.8_P2-x86_64-1_slack13.0.txz Slackware 13.1 package: de9cea0aaf0123e1b480582a97b5a483 bind-9.9.8_P2-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 3d06836402ee2265194d819bf59ebef5 bind-9.9.8_P2-x86_64-1_slack13.1.txz Slackware 13.37 package: 084270843411521f1d5f7dfee0faf05a bind-9.9.8_P2-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 2cb2bfdb94e52725bccecea29e5a5bc1 bind-9.9.8_P2-x86_64-1_slack13.37.txz Slackware 14.0 package: b653a7dd7b8591ccbd434bb2ec2e395f bind-9.9.8_P2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: d6db5ba1f2c1ae0c99457b1866d9b752 bind-9.9.8_P2-x86_64-1_slack14.0.txz Slackware 14.1 package: ffaf96b22a3148f23d6cb0349c4fa745 bind-9.9.8_P2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5382418d8d2044f567934b24f280592b bind-9.9.8_P2-x86_64-1_slack14.1.txz Slackware -current package: 8a998dd407304fb10e8df8c92655ff54 n/bind-9.10.3_P2-i586-1.txz Slackware x86_64 -current package: 545b71ea3107b6a7796fb21cf1dfd311 n/bind-9.10.3_P2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.9.8_P2-i486-1_slack14.1.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ . Recent updates for Arch Linux tackle significant security flaws, particularly regarding OpenSSH weaknesses and network service interruptions.. Bind Package Security, Slackware Updates, Network Service Issues. . Severity: Critical. LinuxSecurity.com Team
Dec 16, 2015
•Critical
Slackware
99
security advisorydenial of serviceOpenSSLSlackware 13.0 to 14.1 High: Bind Security Advisory 2015-111-01
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2015-111-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.6_P2-i486-1_slack14.1.txz: Upgraded. Fix some denial-of-service and other security issues. For more information, see: https://kb.isc.org/docs/aa-01166 https://kb.isc.org/docs/aa-01161 https://kb.isc.org/docs/aa-01167 https://www.cve.org/CVERecord?id=CVE-2015-1349 https://www.cve.org/CVERecord?id=CVE-2014-8500 https://www.cve.org/CVERecord?id=CVE-2014-8680 https://www.cve.org/CVERecord?id=CVE-2014-3214 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: Updated package for Slackware x86_64 13.0: Updated package for Slackware 13.1: Updated package for Slackware x86_64 13.1: Updated package for Slackware 13.37: Updated package for Slackware x86_64 13.37: Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: 409f093c9b35cabad287327ad3aaf426 bind-9.9.6_P2-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 1bee65570447f21f4fe73a8df91d15eb bind-9.9.6_P2-x86_64-1_slack13.0.txz Slackware 13.1 package: 6caaad4788de51f77a391b3f9ce1f639 bind-9.9.6_P2-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 47d6656f5dab791b826fbff1aac17e44 bind-9.9.6_P2-x86_64-1_slack13.1.txz Slackware 13.37 package: bccb04bab7be8ab02b9623b75f1f5d1e bind-9.9.6_P2-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 593a2e762e7ed1cb15f8286fea25b98f bind-9.9.6_P2-x86_64-1_slack13.37.txz Slackware 14.0 package: 5166d66c87a14c561898e65037e1f509 bind-9.9.6_P2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 03c6787c991f063c95401578e9b3ff82 bind-9.9.6_P2-x86_64-1_slack14.0.txz Slackware 14.1 package: afe0884910ba3177fc760e940eee8f70 bind-9.9.6_P2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: ce0c341a39382c43bd23fc59e6937cce bind-9.9.6_P2-x86_64-1_slack14.1.txz Slackware -current package: d4f3b5ec462119e670fb95325566765d n/bind-9.10.2-i486-1.txz Slackware x86_64 -current package: f604392171654a69ade08e76c46425ef n/bind-9.10.2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.9.6_P2-i486-1_slack14.1.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ . Updates addressing vulnerabilities in bind have now been released for multiple Slackware versions to maintain security.. Slackware, Bind Package, Denial Of Service Fix. . LinuxSecurity.com Team
Apr 22, 2015
Slackware
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!