RHSA-2020:2344

Affecting bind-license package, versions <32:9.11.4-16.P2.el7_8.6

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to RHSA-2020:2344. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-license to version or higher.

References

CVE
RHSA-2020:2344
Snyk ID
SNYK-CENTOS7-BINDLICENSE-577209
Published
13 Jul, 2020