[ GLSA 201903-13 ] BIND: Multiple vulnerabilities


–J4XPiPrVK1ev6Sgr

Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201903-13
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: BIND: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #657654, #666946
ID: 201903-13

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis

Multiple vulnerabilities have been found in BIND, the worst of which
could result in a Denial of Service condition.

Background

BIND (Berkeley Internet Name Domain) is a Name Server.

Affected packages

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 net-dns/bind 9.12.1_p2-r1=20

Description

Multiple vulnerabilities have been discovered in BIND. Please review
the CVE identifiers referenced below for details.

Impact

BIND can improperly permit recursive query service to unauthorized
clients possibly resulting in a Denial of Service condition or to be
used in DNS reflection attacks.

Workaround

There is no known workaround at this time.

Resolution

All bind users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>net-dns/bind-9.12.1_p2-r1”

References

[ 1 ] CVE-2018-5738
https://nvd.nist.gov/vuln/detail/CVE-2018-5738
[ 2 ] CVE-2018-5740
https://nvd.nist.gov/vuln/detail/CVE-2018-5740
[ 3 ] CVE-2018-5741
https://nvd.nist.gov/vuln/detail/CVE-2018-5741

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-13

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

–J4XPiPrVK1ev6Sgr

—–BEGIN PGP SIGNATURE—–

iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlyJsW0ACgkQpRQw84X1
dt1FhQf8CsuwPIYHpf7C0Lie+VTskOquIbENpxhLC0XX2FTuMopgEkfmi90njFe8
m6hYrUhPjukOI1W1J+ooYd9mLLAUz3nnk10fb1HpVY0E7032JAZwdV2TmdQ7rcxW
LZYHJTefs3PaTsWhpysQdt+EcysfcSUAD9PiRpoo2AaRxOItkf6okItwCY3YeBrB
B0b8wNYKvPWjpH/Fk1lb4qt0Gv0k34ai3kbtVWZ9Fkv8uuMli4psJijTa0yaZE5v
K4PvQLmJdVgKAWmSwogl4SAzE1fWuMBv7yxx0ZuFh36h+f1WdCJy1RLdebFC8X4P
h85ybKtPBv9+rBPKeSgcaJ6JM/SueA==
=c5dr
—–END PGP SIGNATURE—–

–J4XPiPrVK1ev6Sgr–