VYPR

rpm package

opensuse/bind&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed

Vulnerabilities (115)

  • CVE-2019-6477HigNov 26, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been pr

  • CVE-2019-6476MedOct 17, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

  • CVE-2019-6471MedOct 9, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch a

  • CVE-2019-6465MedOct 9, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Ver

  • CVE-2018-5745MedOct 9, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit d

  • CVE-2018-5743HigOct 9, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit

  • CVE-2018-5737MedJan 16, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some

  • CVE-2017-3145HigJan 16, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.

  • CVE-2017-3142MedJan 16, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f

  • CVE-2017-3141HigJan 16, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.

  • CVE-2017-3135HigJan 16, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.

  • CVE-2016-9778HigJan 16, 2019
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a confi

  • CVE-2016-9131HigJan 12, 2017
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

  • CVE-2016-8864HigNov 2, 2016
    affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1

    named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re

  • CVE-2016-2776HigSep 28, 2016
    affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1

    buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

  • CVE-2016-2775MedJul 19, 2016
    affected < 9.16.20-1.4fixed 9.16.20-1.4

    ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

  • CVE-2016-2088MedMar 9, 2016
    affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1

    resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

  • CVE-2016-1286HigMar 9, 2016
    affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

  • CVE-2016-1285MedMar 9, 2016
    affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka contr

  • CVE-2015-8705HigJan 20, 2016
    affected < 9.10.3P4-21.1fixed 9.10.3P4-21.1

    buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

Page 4 of 6