[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2227-1] bind9 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bind9
Version        : 1:9.9.5.dfsg-9+deb8u19
CVE ID         : CVE-2020-8616 CVE-2020-8617


Several vulnerabilities were discovered in BIND, a DNS server implementation.

CVE-2020-8616

    It was discovered that BIND does not sufficiently limit the number
    of fetches performed when processing referrals. An attacker can take
    advantage of this flaw to cause a denial of service (performance
    degradation) or use the recursing server in a reflection attack with
    a high amplification factor.

CVE-2020-8617

    It was discovered that a logic error in the code which checks TSIG
    validity can be used to trigger an assertion failure, resulting in
    denial of service.


For Debian 8 "Jessie", these problems have been fixed in version
1:9.9.5.dfsg-9+deb8u19.

We recommend that you upgrade your bind9 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl7SwphfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEepBhAAo6iJ4M1N7XAGtAm+13K/LWEIx0wxHVsWaD96N+Zwu8417MzavbZQA9AX
W2L3NDTJRJrXl0PdVIOTB0uWKlFFKWF7epxwESt2Y6zRso5SWlNYIHaDJ84DjfuT
4My8JZfHF+C0IFGVJ6XcyyxGhuKzY6ZCS1SYdyr5Cb/K2sqHxpEk1M15a4V5wiXN
ZbuHIRsVdS6dkMWXYKAxgnVppeFwhZKZPMnfccSf07tCplgo1FbbO0fHb/DGs38H
C1XgiZx96wF+iJrAtSB0CmTzL6y1pyYBl2ugA40B0rESRFEmGTZuihYBCu61scDQ
6K0cBAGRdTB2GzUCoSgJm7b96xHz+2lrlFI6HD6BIvQHcUvdjs42jjtUK8w0sYvm
vR57WR1tiCW5m+b6Xj+6f0LlHpocJZhAQPDrY/vpcccidEqnUaiyXt697Y4pIGFU
JaIQaG3RlY3aWyGMoVa5zQ+BZpTk/wAOJ+qbxDeBBSr+SVrgJBCtDXijBtuQo/Qw
hJa/gWkO5JeXyao/pS/u0i+84LjRbNoTZWUR+PuWMtyMfHjZuuplLD3SiQyAydUC
QJNpB3vYv7gG4TXt2Tn0GG9QkXp7qlOTrndVmp9WaeaHRI5B0kmyIGW0g1S3KbbP
v0rPYz1NNwOFTrInSH82CdC1htGbfXM2ar+krygFcIN/qwx3XBQ=
=yDy1
-----END PGP SIGNATURE-----


Reply to: