RHSA-2020:5011

Affecting bind-license package, versions <32:9.11.4-26.P2.el7_9.2

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to RHSA-2020:5011. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) * bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623) * bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7] (BZ#1884530)

Remediation

Upgrade bind-license to version or higher.

References

CVE
RHSA-2020:5011
Snyk ID
SNYK-CENTOS7-BINDLICENSE-1038899
Published
11 Nov, 2020