rpm package
suse/bind&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6465 | — | < 9.9.9P1-28.42.1 | 9.9.9P1-28.42.1 | Oct 9, 2019 | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Ver | ||
| CVE-2018-5745 | — | < 9.9.9P1-28.42.1 | 9.9.9P1-28.42.1 | Oct 9, 2019 | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit d | ||
| CVE-2018-5743 | — | < 9.9.9P1-28.42.1 | 9.9.9P1-28.42.1 | Oct 9, 2019 | By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit | ||
| CVE-2018-5740 | — | < 9.9.9P1-28.42.1 | 9.9.9P1-28.42.1 | Jan 16, 2019 | "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the fe | ||
| CVE-2017-3143 | — | < 9.9.9P1-28.37.1 | 9.9.9P1-28.37.1 | Jan 16, 2019 | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9. | ||
| CVE-2017-3142 | — | < 9.9.9P1-28.37.1 | 9.9.9P1-28.37.1 | Jan 16, 2019 | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f | ||
| CVE-2017-3138 | — | < 9.9.9P1-28.34.1 | 9.9.9P1-28.34.1 | Jan 16, 2019 | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some | ||
| CVE-2017-3137 | — | < 9.9.9P1-28.34.1 | 9.9.9P1-28.34.1 | Jan 16, 2019 | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order | ||
| CVE-2017-3136 | — | < 9.9.9P1-28.34.1 | 9.9.9P1-28.34.1 | Jan 16, 2019 | A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other p | ||
| CVE-2017-3135 | — | < 9.9.9P1-28.29.1 | 9.9.9P1-28.29.1 | Jan 16, 2019 | Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9. | ||
| CVE-2016-9444 | Hig | 7.5 | < 9.9.9P1-28.26.1 | 9.9.9P1-28.26.1 | Jan 12, 2017 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | |
| CVE-2016-9147 | Hig | 7.5 | < 9.9.9P1-28.26.1 | 9.9.9P1-28.26.1 | Jan 12, 2017 | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | |
| CVE-2016-9131 | Hig | 7.5 | < 9.9.9P1-28.26.1 | 9.9.9P1-28.26.1 | Jan 12, 2017 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |
| CVE-2016-8864 | Hig | 7.5 | < 9.9.9P1-28.23.1 | 9.9.9P1-28.23.1 | Nov 2, 2016 | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re | |
| CVE-2016-2776 | Hig | 7.5 | < 9.9.9P1-28.20.1 | 9.9.9P1-28.20.1 | Sep 28, 2016 | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | |
| CVE-2016-2775 | Med | 5.9 | < 9.9.9P1-28.34.1 | 9.9.9P1-28.34.1 | Jul 19, 2016 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |
| CVE-2016-6170 | Med | 6.5 | < 9.9.9P1-28.34.1 | 9.9.9P1-28.34.1 | Jul 6, 2016 | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a |
- CVE-2019-6465Oct 9, 2019affected < 9.9.9P1-28.42.1fixed 9.9.9P1-28.42.1
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Ver
- CVE-2018-5745Oct 9, 2019affected < 9.9.9P1-28.42.1fixed 9.9.9P1-28.42.1
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit d
- CVE-2018-5743Oct 9, 2019affected < 9.9.9P1-28.42.1fixed 9.9.9P1-28.42.1
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit
- CVE-2018-5740Jan 16, 2019affected < 9.9.9P1-28.42.1fixed 9.9.9P1-28.42.1
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the fe
- CVE-2017-3143Jan 16, 2019affected < 9.9.9P1-28.37.1fixed 9.9.9P1-28.37.1
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.
- CVE-2017-3142Jan 16, 2019affected < 9.9.9P1-28.37.1fixed 9.9.9P1-28.37.1
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f
- CVE-2017-3138Jan 16, 2019affected < 9.9.9P1-28.34.1fixed 9.9.9P1-28.34.1
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some
- CVE-2017-3137Jan 16, 2019affected < 9.9.9P1-28.34.1fixed 9.9.9P1-28.34.1
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order
- CVE-2017-3136Jan 16, 2019affected < 9.9.9P1-28.34.1fixed 9.9.9P1-28.34.1
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other p
- CVE-2017-3135Jan 16, 2019affected < 9.9.9P1-28.29.1fixed 9.9.9P1-28.29.1
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.
- affected < 9.9.9P1-28.26.1fixed 9.9.9P1-28.26.1
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
- affected < 9.9.9P1-28.26.1fixed 9.9.9P1-28.26.1
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
- affected < 9.9.9P1-28.26.1fixed 9.9.9P1-28.26.1
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
- affected < 9.9.9P1-28.23.1fixed 9.9.9P1-28.23.1
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re
- affected < 9.9.9P1-28.20.1fixed 9.9.9P1-28.20.1
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
- affected < 9.9.9P1-28.34.1fixed 9.9.9P1-28.34.1
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
- affected < 9.9.9P1-28.34.1fixed 9.9.9P1-28.34.1
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a