ALT Linux Team

Package libisc-export-dhcp update in sisyphus on 2020-01-24

ALT-PU-2020-4270-1

Package libisc-export-dhcp updated to version 9.11.15-alt1 for branch sisyphus in task 245007.

Closed vulnerabilities

Published: 2020-02-17
Modified: 2020-12-11

BDU:2020-00612

Уязвимость сервера DNS BIND, связанная с ошибкой управления передачей данных к динамическим зонам (DLZ), позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (5.3)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
References:
Published: 2020-02-27
Modified: 2020-12-11

BDU:2020-00773

Уязвимость функции managed-keys сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Severity: LOW (3.5)Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
References:
Published: 2020-02-27

BDU:2020-00777

Уязвимость сервера DNS BIND, связанная с некорректной обработкой сообщений, имеющих определенную комбинацию опций EDNS, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2020-04-10
Modified: 2021-01-13

BDU:2020-01402

Уязвимость функции managed-keys сервера DNS BIND, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2020-04-13
Modified: 2020-08-28

BDU:2020-01437

Уязвимость DNS-сервер BIND, связанная с одновременном выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2019-10-09
Modified: 2024-11-21

CVE-2018-5743

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-10-09
Modified: 2024-11-21

CVE-2018-5744

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-10-09
Modified: 2024-11-21

CVE-2018-5745

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

Severity: LOW (3.5)Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-10-09
Modified: 2024-11-21

CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2019-10-09
Modified: 2024-11-21

CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top