An update for bind is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1459
Final
1.0
1.0
2021-12-10
Initial
2021-12-10
2021-12-10
openEuler SA Tool V1.0
2021-12-10
bind security update
An update for bind is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
Domain Name System (DNS) Server.
Security Fix(es):
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.(CVE-2021-25219)
An update for bind is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
bind
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1459
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-25219
https://nvd.nist.gov/vuln/detail/CVE-2021-25219
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
bind-libs-lite-9.11.21-9.oe1.aarch64.rpm
bind-export-libs-9.11.21-9.oe1.aarch64.rpm
bind-chroot-9.11.21-9.oe1.aarch64.rpm
bind-libs-9.11.21-9.oe1.aarch64.rpm
bind-pkcs11-9.11.21-9.oe1.aarch64.rpm
bind-9.11.21-9.oe1.aarch64.rpm
bind-pkcs11-devel-9.11.21-9.oe1.aarch64.rpm
bind-export-devel-9.11.21-9.oe1.aarch64.rpm
bind-devel-9.11.21-9.oe1.aarch64.rpm
bind-debugsource-9.11.21-9.oe1.aarch64.rpm
bind-debuginfo-9.11.21-9.oe1.aarch64.rpm
bind-utils-9.11.21-9.oe1.aarch64.rpm
bind-export-libs-9.11.21-9.oe1.aarch64.rpm
bind-chroot-9.11.21-9.oe1.aarch64.rpm
bind-libs-9.11.21-9.oe1.aarch64.rpm
bind-libs-lite-9.11.21-9.oe1.aarch64.rpm
bind-devel-9.11.21-9.oe1.aarch64.rpm
bind-debuginfo-9.11.21-9.oe1.aarch64.rpm
bind-9.11.21-9.oe1.aarch64.rpm
bind-export-devel-9.11.21-9.oe1.aarch64.rpm
bind-pkcs11-devel-9.11.21-9.oe1.aarch64.rpm
bind-debugsource-9.11.21-9.oe1.aarch64.rpm
bind-utils-9.11.21-9.oe1.aarch64.rpm
bind-pkcs11-9.11.21-9.oe1.aarch64.rpm
python3-bind-9.11.21-9.oe1.noarch.rpm
python3-bind-9.11.21-9.oe1.noarch.rpm
bind-9.11.21-9.oe1.src.rpm
bind-9.11.21-9.oe1.src.rpm
bind-9.11.21-9.oe1.x86_64.rpm
bind-libs-9.11.21-9.oe1.x86_64.rpm
bind-utils-9.11.21-9.oe1.x86_64.rpm
bind-export-libs-9.11.21-9.oe1.x86_64.rpm
bind-libs-lite-9.11.21-9.oe1.x86_64.rpm
bind-debuginfo-9.11.21-9.oe1.x86_64.rpm
bind-export-devel-9.11.21-9.oe1.x86_64.rpm
bind-pkcs11-devel-9.11.21-9.oe1.x86_64.rpm
bind-devel-9.11.21-9.oe1.x86_64.rpm
bind-chroot-9.11.21-9.oe1.x86_64.rpm
bind-pkcs11-9.11.21-9.oe1.x86_64.rpm
bind-debugsource-9.11.21-9.oe1.x86_64.rpm
bind-pkcs11-9.11.21-9.oe1.x86_64.rpm
bind-export-devel-9.11.21-9.oe1.x86_64.rpm
bind-export-libs-9.11.21-9.oe1.x86_64.rpm
bind-devel-9.11.21-9.oe1.x86_64.rpm
bind-chroot-9.11.21-9.oe1.x86_64.rpm
bind-libs-9.11.21-9.oe1.x86_64.rpm
bind-libs-lite-9.11.21-9.oe1.x86_64.rpm
bind-debugsource-9.11.21-9.oe1.x86_64.rpm
bind-utils-9.11.21-9.oe1.x86_64.rpm
bind-pkcs11-devel-9.11.21-9.oe1.x86_64.rpm
bind-9.11.21-9.oe1.x86_64.rpm
bind-debuginfo-9.11.21-9.oe1.x86_64.rpm
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
2021-12-10
CVE-2021-25219
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
bind security update
2021-12-10
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1459