user/bind: multiple vulnerabilities
| Bugzilla ID | 290 |
| Alias(es) | CVE-2020-8619 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2020-05-19 16:54:18 -0500 |
| Modified | 2020-10-25 20:49:36 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/bind |
Description
CVE-2020-8616: BIND does not sufficiently limit the number
of fetches performed when processing referrals
https://kb.isc.org/docs/cve-2020-8616CVE-2020-8617: A logic error in code which checks TSIG
validity can be used to trigger an assertion failure in tsig.c
https://kb.isc.org/docs/cve-2020-8617
Fixed in >= 9.14.12