An update for bind is now available for openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1982
Final
1.0
1.0
2022-10-14
Initial
2022-10-14
2022-10-14
openEuler SA Tool V1.0
2022-10-14
bind security update
An update for bind is now available for openEuler-20.03-LTS-SP3.
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
Security Fix(es):
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38177)
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38178)
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.(CVE-2022-2795)
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.(CVE-2022-2881)
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.(CVE-2022-2906)
An update for bind is now available for openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
bind
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1982
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38177
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38178
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2795
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2881
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2906
https://nvd.nist.gov/vuln/detail/CVE-2022-38177
https://nvd.nist.gov/vuln/detail/CVE-2022-38178
https://nvd.nist.gov/vuln/detail/CVE-2022-2795
https://nvd.nist.gov/vuln/detail/CVE-2022-2881
https://nvd.nist.gov/vuln/detail/CVE-2022-2906
openEuler-20.03-LTS-SP3
bind-utils-9.11.21-14.oe1.aarch64.rpm
bind-libs-9.11.21-14.oe1.aarch64.rpm
bind-debuginfo-9.11.21-14.oe1.aarch64.rpm
bind-pkcs11-9.11.21-14.oe1.aarch64.rpm
bind-export-libs-9.11.21-14.oe1.aarch64.rpm
bind-pkcs11-devel-9.11.21-14.oe1.aarch64.rpm
bind-9.11.21-14.oe1.aarch64.rpm
bind-devel-9.11.21-14.oe1.aarch64.rpm
bind-chroot-9.11.21-14.oe1.aarch64.rpm
bind-libs-lite-9.11.21-14.oe1.aarch64.rpm
bind-export-devel-9.11.21-14.oe1.aarch64.rpm
bind-debugsource-9.11.21-14.oe1.aarch64.rpm
python3-bind-9.11.21-14.oe1.noarch.rpm
bind-9.11.21-14.oe1.src.rpm
bind-export-devel-9.11.21-14.oe1.x86_64.rpm
bind-utils-9.11.21-14.oe1.x86_64.rpm
bind-export-libs-9.11.21-14.oe1.x86_64.rpm
bind-debugsource-9.11.21-14.oe1.x86_64.rpm
bind-pkcs11-9.11.21-14.oe1.x86_64.rpm
bind-libs-lite-9.11.21-14.oe1.x86_64.rpm
bind-chroot-9.11.21-14.oe1.x86_64.rpm
bind-libs-9.11.21-14.oe1.x86_64.rpm
bind-pkcs11-devel-9.11.21-14.oe1.x86_64.rpm
bind-debuginfo-9.11.21-14.oe1.x86_64.rpm
bind-devel-9.11.21-14.oe1.x86_64.rpm
bind-9.11.21-14.oe1.x86_64.rpm
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
2022-10-14
CVE-2022-38177
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
bind security update
2022-10-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1982
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
2022-10-14
CVE-2022-38178
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
bind security update
2022-10-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1982
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver s performance, effectively denying legitimate clients access to the DNS resolution service.
2022-10-14
CVE-2022-2795
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
bind security update
2022-10-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1982
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
2022-10-14
CVE-2022-2881
openEuler-20.03-LTS-SP3
High
8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
bind security update
2022-10-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1982
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
2022-10-14
CVE-2022-2906
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
bind security update
2022-10-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1982