SUSE-RU-2020:2915-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2020/suse-ru-20202915-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2020:2915-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-RU-2020:2915-1
Related
Published
2020-10-13T15:33:50Z
Modified
2020-10-13T15:33:50Z
Summary
Recommended update for bind
Details

This update for bind fixes the following issues:

Bind was updated to version 9.11.22

Note:

  • bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC.

This upgrade also fixes the following security issues:

    1. [security] 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM. (CVE-2020-8624 bsc#1175443)
    1. [security] When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet. (CVE-2020-8623 bsc#1175443)
    1. [security] It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request. (CVE-2020-8622 bsc#1175443)

  • Suppress warning message about missing file. (bsc#1092283, bsc#1127583, bsc#1094236, bsc#1173983) Added /etc/bind.keys to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named.

References

Affected packages

SUSE:OpenStack Cloud 9 / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-chrootenv": "9.11.22-3.22.1",
            "libbind9-161": "9.11.22-3.22.1",
            "bind-utils": "9.11.22-3.22.1",
            "python-bind": "9.11.22-3.22.1",
            "libisc1107-32bit": "9.11.22-3.22.1",
            "libisccc161": "9.11.22-3.22.1",
            "bind-doc": "9.11.22-3.22.1",
            "bind": "9.11.22-3.22.1",
            "libdns1110": "9.11.22-3.22.1",
            "libirs161": "9.11.22-3.22.1",
            "libisccfg163": "9.11.22-3.22.1",
            "liblwres161": "9.11.22-3.22.1",
            "libisc1107": "9.11.22-3.22.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-chrootenv": "9.11.22-3.22.1",
            "libbind9-161": "9.11.22-3.22.1",
            "bind-utils": "9.11.22-3.22.1",
            "python-bind": "9.11.22-3.22.1",
            "libisc1107-32bit": "9.11.22-3.22.1",
            "libisccc161": "9.11.22-3.22.1",
            "bind-doc": "9.11.22-3.22.1",
            "bind": "9.11.22-3.22.1",
            "libdns1110": "9.11.22-3.22.1",
            "libirs161": "9.11.22-3.22.1",
            "libisccfg163": "9.11.22-3.22.1",
            "liblwres161": "9.11.22-3.22.1",
            "libisc1107": "9.11.22-3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-chrootenv": "9.11.22-3.22.1",
            "libbind9-161": "9.11.22-3.22.1",
            "bind-utils": "9.11.22-3.22.1",
            "python-bind": "9.11.22-3.22.1",
            "libisc1107-32bit": "9.11.22-3.22.1",
            "libisccc161": "9.11.22-3.22.1",
            "bind-doc": "9.11.22-3.22.1",
            "bind": "9.11.22-3.22.1",
            "libdns1110": "9.11.22-3.22.1",
            "libirs161": "9.11.22-3.22.1",
            "libisccfg163": "9.11.22-3.22.1",
            "liblwres161": "9.11.22-3.22.1",
            "libisc1107": "9.11.22-3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-devel": "9.11.22-3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-chrootenv": "9.11.22-3.22.1",
            "libbind9-161": "9.11.22-3.22.1",
            "bind-utils": "9.11.22-3.22.1",
            "python-bind": "9.11.22-3.22.1",
            "libisc1107-32bit": "9.11.22-3.22.1",
            "libisccc161": "9.11.22-3.22.1",
            "bind-doc": "9.11.22-3.22.1",
            "bind": "9.11.22-3.22.1",
            "libdns1110": "9.11.22-3.22.1",
            "libirs161": "9.11.22-3.22.1",
            "libisccfg163": "9.11.22-3.22.1",
            "liblwres161": "9.11.22-3.22.1",
            "libisc1107": "9.11.22-3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-chrootenv": "9.11.22-3.22.1",
            "libbind9-161": "9.11.22-3.22.1",
            "bind-utils": "9.11.22-3.22.1",
            "python-bind": "9.11.22-3.22.1",
            "libisc1107-32bit": "9.11.22-3.22.1",
            "libisccc161": "9.11.22-3.22.1",
            "bind-doc": "9.11.22-3.22.1",
            "bind": "9.11.22-3.22.1",
            "libdns1110": "9.11.22-3.22.1",
            "libirs161": "9.11.22-3.22.1",
            "libisccfg163": "9.11.22-3.22.1",
            "liblwres161": "9.11.22-3.22.1",
            "libisc1107": "9.11.22-3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / bind

Package

Name
bind
Purl
purl:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.11.22-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "bind-chrootenv": "9.11.22-3.22.1",
            "libbind9-161": "9.11.22-3.22.1",
            "bind-utils": "9.11.22-3.22.1",
            "python-bind": "9.11.22-3.22.1",
            "libisc1107-32bit": "9.11.22-3.22.1",
            "libisccc161": "9.11.22-3.22.1",
            "bind-doc": "9.11.22-3.22.1",
            "bind": "9.11.22-3.22.1",
            "libdns1110": "9.11.22-3.22.1",
            "libirs161": "9.11.22-3.22.1",
            "libisccfg163": "9.11.22-3.22.1",
            "liblwres161": "9.11.22-3.22.1",
            "libisc1107": "9.11.22-3.22.1"
        }
    ]
}