ALT-BU-2022-6996-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-06120
Уязвимость реализации технологии DNSSEC сервера DNS BIND, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»
BDU:2022-06121
Уязвимость реализации технологии DNSSEC сервера DNS BIND, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»
BDU:2022-06124
Уязвимость сервера DNS BIND, связанная с неправильным управлением внутренними ресурсами, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)
Modified: 2024-11-29
CVE-2022-2795
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- https://kb.isc.org/docs/cve-2022-2795
- https://kb.isc.org/docs/cve-2022-2795
- [debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update
- [debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update
- FEDORA-2022-ef038365de
- FEDORA-2022-ef038365de
- FEDORA-2022-8268735e06
- FEDORA-2022-8268735e06
- FEDORA-2022-b197d64471
- FEDORA-2022-b197d64471
- GLSA-202210-25
- GLSA-202210-25
- https://security.netapp.com/advisory/ntap-20241129-0002/
- DSA-5235
- DSA-5235
Modified: 2024-11-21
CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- https://kb.isc.org/docs/cve-2022-38177
- [debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update
- FEDORA-2022-ef038365de
- FEDORA-2022-8268735e06
- FEDORA-2022-b197d64471
- GLSA-202210-25
- https://security.netapp.com/advisory/ntap-20221228-0010/
- DSA-5235
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- DSA-5235
- https://security.netapp.com/advisory/ntap-20221228-0010/
- GLSA-202210-25
- FEDORA-2022-b197d64471
- FEDORA-2022-8268735e06
- FEDORA-2022-ef038365de
- [debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update
- https://kb.isc.org/docs/cve-2022-38177
Modified: 2024-11-21
CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- https://kb.isc.org/docs/cve-2022-38178
- [debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update
- FEDORA-2022-ef038365de
- FEDORA-2022-8268735e06
- FEDORA-2022-b197d64471
- GLSA-202210-25
- https://security.netapp.com/advisory/ntap-20221228-0009/
- DSA-5235
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- DSA-5235
- https://security.netapp.com/advisory/ntap-20221228-0009/
- GLSA-202210-25
- FEDORA-2022-b197d64471
- FEDORA-2022-8268735e06
- FEDORA-2022-ef038365de
- [debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update
- https://kb.isc.org/docs/cve-2022-38178
Closed bugs
Closed vulnerabilities
BDU:2022-05776
Уязвимость компонента mpz/inp_raw.c библиотеки арифметических операций GMP на 32-разрядных платформах, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-43618
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
- 20221016 Re: over 2000 packages depend on abort()ing libgmp
- 20221016 Re: over 2000 packages depend on abort()ing libgmp
- [oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type
- [oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type
- https://bugs.debian.org/994405
- https://bugs.debian.org/994405
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- [debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update
- [debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update
- GLSA-202309-13
- GLSA-202309-13
- https://security.netapp.com/advisory/ntap-20221111-0001/
- https://security.netapp.com/advisory/ntap-20221111-0001/