rpm package

opensuse/bind&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed

Vulnerabilities (109)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-5737		—	< 9.16.20-1.4	9.16.20-1.4	Jan 16, 2019	A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some
CVE-2017-3145		—	< 9.16.20-1.4	9.16.20-1.4	Jan 16, 2019	BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.
CVE-2017-3142		—	< 9.16.20-1.4	9.16.20-1.4	Jan 16, 2019	An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f
CVE-2017-3141		—	< 9.16.20-1.4	9.16.20-1.4	Jan 16, 2019	The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.
CVE-2017-3135		—	< 9.16.20-1.4	9.16.20-1.4	Jan 16, 2019	Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.
CVE-2016-9778		—	< 9.16.20-1.4	9.16.20-1.4	Jan 16, 2019	An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a confi
CVE-2016-9131	Hig	7.5	< 9.16.20-1.4	9.16.20-1.4	Jan 12, 2017	named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
CVE-2016-8864	Hig	7.5	< 9.10.3P4-21.1	9.10.3P4-21.1	Nov 2, 2016	named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re
CVE-2016-2776	Hig	7.5	< 9.10.3P4-21.1	9.10.3P4-21.1	Sep 28, 2016	buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2016-2775	Med	5.9	< 9.16.20-1.4	9.16.20-1.4	Jul 19, 2016	ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2016-2088	Med	6.8	< 9.10.3P4-21.1	9.10.3P4-21.1	Mar 9, 2016	resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
CVE-2016-1286	Hig	8.6	< 9.10.3P4-21.1	9.10.3P4-21.1	Mar 9, 2016	named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285	Med	6.8	< 9.10.3P4-21.1	9.10.3P4-21.1	Mar 9, 2016	named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka contr
CVE-2015-8705	Hig	7.0	< 9.10.3P4-21.1	9.10.3P4-21.1	Jan 20, 2016	buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
CVE-2015-8704	Med	6.5	< 9.10.3P4-21.1	9.10.3P4-21.1	Jan 20, 2016	apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
CVE-2015-8461		—	< 9.16.20-1.4	9.16.20-1.4	Dec 16, 2015	Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
CVE-2015-8000		—	< 9.10.3P4-21.1	9.10.3P4-21.1	Dec 16, 2015	db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
CVE-2015-5986		—	< 9.10.3P4-21.1	9.10.3P4-21.1	Sep 5, 2015	openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
CVE-2015-5722		—	< 9.10.3P4-21.1	9.10.3P4-21.1	Sep 5, 2015	buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
CVE-2015-5477		—	< 9.10.3P4-21.1	9.10.3P4-21.1	Jul 29, 2015	named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

CVE-2018-5737Jan 16, 2019
affected < 9.16.20-1.4fixed 9.16.20-1.4
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some
CVE-2017-3145Jan 16, 2019
affected < 9.16.20-1.4fixed 9.16.20-1.4
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.
CVE-2017-3142Jan 16, 2019
affected < 9.16.20-1.4fixed 9.16.20-1.4
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f
CVE-2017-3141Jan 16, 2019
affected < 9.16.20-1.4fixed 9.16.20-1.4
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.
CVE-2017-3135Jan 16, 2019
affected < 9.16.20-1.4fixed 9.16.20-1.4
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.
CVE-2016-9778Jan 16, 2019
affected < 9.16.20-1.4fixed 9.16.20-1.4
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a confi
CVE-2016-9131HigJan 12, 2017
affected < 9.16.20-1.4fixed 9.16.20-1.4
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
CVE-2016-8864HigNov 2, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re
CVE-2016-2776HigSep 28, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2016-2775MedJul 19, 2016
affected < 9.16.20-1.4fixed 9.16.20-1.4
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2016-2088MedMar 9, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
CVE-2016-1286HigMar 9, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285MedMar 9, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka contr
CVE-2015-8705HigJan 20, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
CVE-2015-8704MedJan 20, 2016
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
CVE-2015-8461Dec 16, 2015
affected < 9.16.20-1.4fixed 9.16.20-1.4
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
CVE-2015-8000Dec 16, 2015
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
CVE-2015-5986Sep 5, 2015
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
CVE-2015-5722Sep 5, 2015
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
CVE-2015-5477Jul 29, 2015
affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Page 4 of 6