RHSA-2022:7643: Red Hat Security Advisory: bind9.16 security update
An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability
- CVE-2022-0396: bind: DoS from specifically crafted TCP packets
Synopsis
Important: bind9.16 security update
Type/Severity
Security Advisory: Important
Topic
An update for bind9.16 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
- bind: DoS from specifically crafted TCP packets (CVE-2022-0396)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability
- BZ - 2064513 - CVE-2022-0396 bind: DoS from specifically crafted TCP packets
- BZ - 2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
bind9.16-9.16.23-0.9.el8.1.src.rpm
x86_64
bind9.16-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-chroot-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-libs-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-license-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-utils-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
bind9.16-9.16.23-0.9.el8.1.src.rpm
s390x
bind9.16-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-chroot-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-libs-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-license-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-utils-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
bind9.16-9.16.23-0.9.el8.1.src.rpm
ppc64le
bind9.16-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-chroot-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-libs-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-license-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-utils-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
bind9.16-9.16.23-0.9.el8.1.src.rpm
aarch64
bind9.16-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-chroot-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-libs-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-license-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-utils-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 8
x86_64
bind9.16-debuginfo-9.16.23-0.9.el8.1.i686.rpm
bind9.16-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.i686.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-devel-9.16.23-0.9.el8.1.i686.rpm
bind9.16-devel-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.i686.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-libs-9.16.23-0.9.el8.1.i686.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.i686.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.i686.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm
Red Hat CodeReady Linux Builder for Power, little endian 8
ppc64le
bind9.16-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-devel-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm
Red Hat CodeReady Linux Builder for ARM 64 8
aarch64
bind9.16-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-devel-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 8
s390x
bind9.16-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-debugsource-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-devel-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm
Related news
Red Hat Security Advisory 2023-0402-01 - An update for bind is now available for Red Hat Enterprise Linux 7.
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability; CVE-2022-2795: bind: processing large delegations may severely degrade resolver performance
Red Hat Security Advisory 2022-8068-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-8385-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability; CVE-2022-0396: bind: DoS from specifically crafted TCP packets
An update for dhcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability
Red Hat Security Advisory 2022-7643-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include denial of service and memory leak vulnerabilities.
An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability
Red Hat Security Advisory 2022-6780-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6779-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6778-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6781-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6765-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly; CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code; CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code; CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
Ubuntu Security Notice 5626-2 - USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service.
Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Versions affected: BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records, leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
Versions affected: BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0, and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
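The CLOSE_WAIT symptom described above can be checked on a resolver by comparing two socket listings taken some minutes apart. The following is an added example, not code from Red Hat or ISC: it parses `ss -Htan`-style output and reports DNS-port sockets that are in CLOSE_WAIT in every sample. The function names and both sample listings are constructed for illustration.

```python
"""Flag DNS-port TCP sockets that stay in CLOSE_WAIT across samples."""

DNS_PORT = 53

# Constructed `ss -Htan` output (documentation address ranges), not real captures.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_T0 = """\
LISTEN     0 10 192.0.2.10:53 0.0.0.0:*
ESTAB      0 0  192.0.2.10:53 198.51.100.9:50111
CLOSE-WAIT 1 0  192.0.2.10:53 198.51.100.7:41822
CLOSE-WAIT 1 0  192.0.2.10:53 198.51.100.7:41830
CLOSE-WAIT 0 0  192.0.2.10:8080 203.0.113.5:33000
CLOSE-WAIT 1 0  [2001:db8::53]:53 [2001:db8::99]:40000
"""

# Second constructed sample, assumed to be taken ten minutes later.
SAMPLE_T1 = """\
LISTEN     0 10 192.0.2.10:53 0.0.0.0:*
CLOSE-WAIT 1 0  192.0.2.10:53 198.51.100.7:41822
CLOSE-WAIT 1 0  [2001:db8::53]:53 [2001:db8::99]:40000
CLOSE-WAIT 1 0  192.0.2.10:53 198.51.100.20:51000
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)  # raises ValueError for wildcard ports such as '*'


def close_wait_on_dns(ss_output, port=DNS_PORT):
    """Return {(local, peer)} for CLOSE_WAIT sockets whose local port is `port`."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        # ss prints CLOSE-WAIT, netstat prints CLOSE_WAIT; accept both spellings.
        if state.replace("_", "-") != "CLOSE-WAIT":
            continue
        try:
            _, local_port = split_endpoint(local)
        except ValueError:
            continue
        if local_port == port:
            found.add((local, peer))
    return found


def persistent_close_wait(snapshots, port=DNS_PORT):
    """Return connections that are in CLOSE_WAIT in every snapshot.

    A healthy server closes its side shortly after the peer's FIN, so a
    socket seen in CLOSE_WAIT in samples minutes apart deserves a closer look.
    """
    per_sample = [close_wait_on_dns(s, port) for s in snapshots]
    if not per_sample:
        return set()
    return set.intersection(*per_sample)


if __name__ == "__main__":
    for local, peer in sorted(persistent_close_wait([SAMPLE_T0, SAMPLE_T1])):
        print(f"lingering CLOSE_WAIT: {local} <- {peer}")
```

A steadily growing result on a host still running a bind9.16 build older than the 9.16.23-0.9.el8.1 packages listed in this advisory is a reason to prioritise the update.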