user/bind: multiple vulnerabilities
Bugzilla ID | 290 |
Alias(es) | CVE-2020-8619 |
Reporter | Max Rees (sroracle) |
Assignee | Dan Theisen |
Reported | 2020-05-19 16:54:18 -0500 |
Modified | 2020-10-25 20:49:36 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/bind |
Description
CVE-2020-8616: BIND does not sufficiently limit the number
of fetches performed when processing referrals
https://kb.isc.org/docs/cve-2020-8616CVE-2020-8617: A logic error in code which checks TSIG
validity can be used to trigger an assertion failure in tsig.c
https://kb.isc.org/docs/cve-2020-8617
Fixed in >= 9.14.12