SUSE-RU-2020:2915-1: moderate: Recommended update for bind
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Oct 13 13:14:47 MDT 2020
SUSE Recommended Update: Recommended update for bind
______________________________________________________________________________
Announcement ID: SUSE-RU-2020:2915-1
Rating: moderate
References: #1092283 #1094236 #1127583 #1173983 #1175443
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update for bind fixes the following issues:
Bind was updated to version 9.11.22
Note:
- bind is now more strict in regards to DNSSEC. If queries are not
working, check for DNSSEC issues. For instance, if bind is used in a
namserver forwarder chain, the forwarding DNS servers must support
DNSSEC.
This upgrade also fixes the following security issues:
* 5481. [security] "update-policy" rules of type "subdomain" were
incorrectly treated as "zonesub" rules, which allowed keys used in
"subdomain" rules to update names outside
of the specified subdomains. The problem was
fixed by making sure "subdomain" rules are again processed as described in
the ARM. (CVE-2020-8624 bsc#1175443)
* 5480. [security] When BIND 9 was compiled with native PKCS#11
support, it was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public key with a
specially crafted packet. (CVE-2020-8623 bsc#1175443)
* 5476. [security] It was possible to trigger an assertion failure
when verifying the response to a TSIG-signed request. (CVE-2020-8622
bsc#1175443)
- Suppress warning message about missing file. (bsc#1092283, bsc#1127583,
bsc#1094236, bsc#1173983) Added */etc/bind.keys* to
*NAMED_CONF_INCLUDE_FILES* in */etc/sysconfig/named*.
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2915=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2915=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2915=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2915=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2915=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2915=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (noarch):
bind-doc-9.11.22-3.22.1
python-bind-9.11.22-3.22.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
bind-9.11.22-3.22.1
bind-chrootenv-9.11.22-3.22.1
bind-debuginfo-9.11.22-3.22.1
bind-debugsource-9.11.22-3.22.1
bind-utils-9.11.22-3.22.1
bind-utils-debuginfo-9.11.22-3.22.1
libbind9-161-9.11.22-3.22.1
libbind9-161-debuginfo-9.11.22-3.22.1
libdns1110-9.11.22-3.22.1
libdns1110-debuginfo-9.11.22-3.22.1
libirs161-9.11.22-3.22.1
libirs161-debuginfo-9.11.22-3.22.1
libisc1107-32bit-9.11.22-3.22.1
libisc1107-9.11.22-3.22.1
libisc1107-debuginfo-32bit-9.11.22-3.22.1
libisc1107-debuginfo-9.11.22-3.22.1
libisccc161-9.11.22-3.22.1
libisccc161-debuginfo-9.11.22-3.22.1
libisccfg163-9.11.22-3.22.1
libisccfg163-debuginfo-9.11.22-3.22.1
liblwres161-9.11.22-3.22.1
liblwres161-debuginfo-9.11.22-3.22.1
- SUSE OpenStack Cloud 9 (noarch):
bind-doc-9.11.22-3.22.1
python-bind-9.11.22-3.22.1
- SUSE OpenStack Cloud 9 (x86_64):
bind-9.11.22-3.22.1
bind-chrootenv-9.11.22-3.22.1
bind-debuginfo-9.11.22-3.22.1
bind-debugsource-9.11.22-3.22.1
bind-utils-9.11.22-3.22.1
bind-utils-debuginfo-9.11.22-3.22.1
libbind9-161-9.11.22-3.22.1
libbind9-161-debuginfo-9.11.22-3.22.1
libdns1110-9.11.22-3.22.1
libdns1110-debuginfo-9.11.22-3.22.1
libirs161-9.11.22-3.22.1
libirs161-debuginfo-9.11.22-3.22.1
libisc1107-32bit-9.11.22-3.22.1
libisc1107-9.11.22-3.22.1
libisc1107-debuginfo-32bit-9.11.22-3.22.1
libisc1107-debuginfo-9.11.22-3.22.1
libisccc161-9.11.22-3.22.1
libisccc161-debuginfo-9.11.22-3.22.1
libisccfg163-9.11.22-3.22.1
libisccfg163-debuginfo-9.11.22-3.22.1
liblwres161-9.11.22-3.22.1
liblwres161-debuginfo-9.11.22-3.22.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.11.22-3.22.1
bind-debugsource-9.11.22-3.22.1
bind-devel-9.11.22-3.22.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
bind-9.11.22-3.22.1
bind-chrootenv-9.11.22-3.22.1
bind-debuginfo-9.11.22-3.22.1
bind-debugsource-9.11.22-3.22.1
bind-utils-9.11.22-3.22.1
bind-utils-debuginfo-9.11.22-3.22.1
libbind9-161-9.11.22-3.22.1
libbind9-161-debuginfo-9.11.22-3.22.1
libdns1110-9.11.22-3.22.1
libdns1110-debuginfo-9.11.22-3.22.1
libirs161-9.11.22-3.22.1
libirs161-debuginfo-9.11.22-3.22.1
libisc1107-9.11.22-3.22.1
libisc1107-debuginfo-9.11.22-3.22.1
libisccc161-9.11.22-3.22.1
libisccc161-debuginfo-9.11.22-3.22.1
libisccfg163-9.11.22-3.22.1
libisccfg163-debuginfo-9.11.22-3.22.1
liblwres161-9.11.22-3.22.1
liblwres161-debuginfo-9.11.22-3.22.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
libisc1107-32bit-9.11.22-3.22.1
libisc1107-debuginfo-32bit-9.11.22-3.22.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
bind-doc-9.11.22-3.22.1
python-bind-9.11.22-3.22.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
bind-9.11.22-3.22.1
bind-chrootenv-9.11.22-3.22.1
bind-debuginfo-9.11.22-3.22.1
bind-debugsource-9.11.22-3.22.1
bind-utils-9.11.22-3.22.1
bind-utils-debuginfo-9.11.22-3.22.1
libbind9-161-9.11.22-3.22.1
libbind9-161-debuginfo-9.11.22-3.22.1
libdns1110-9.11.22-3.22.1
libdns1110-debuginfo-9.11.22-3.22.1
libirs161-9.11.22-3.22.1
libirs161-debuginfo-9.11.22-3.22.1
libisc1107-9.11.22-3.22.1
libisc1107-debuginfo-9.11.22-3.22.1
libisccc161-9.11.22-3.22.1
libisccc161-debuginfo-9.11.22-3.22.1
libisccfg163-9.11.22-3.22.1
libisccfg163-debuginfo-9.11.22-3.22.1
liblwres161-9.11.22-3.22.1
liblwres161-debuginfo-9.11.22-3.22.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libisc1107-32bit-9.11.22-3.22.1
libisc1107-debuginfo-32bit-9.11.22-3.22.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
bind-doc-9.11.22-3.22.1
python-bind-9.11.22-3.22.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
bind-9.11.22-3.22.1
bind-chrootenv-9.11.22-3.22.1
bind-debuginfo-9.11.22-3.22.1
bind-debugsource-9.11.22-3.22.1
bind-utils-9.11.22-3.22.1
bind-utils-debuginfo-9.11.22-3.22.1
libbind9-161-9.11.22-3.22.1
libbind9-161-debuginfo-9.11.22-3.22.1
libdns1110-9.11.22-3.22.1
libdns1110-debuginfo-9.11.22-3.22.1
libirs161-9.11.22-3.22.1
libirs161-debuginfo-9.11.22-3.22.1
libisc1107-9.11.22-3.22.1
libisc1107-debuginfo-9.11.22-3.22.1
libisccc161-9.11.22-3.22.1
libisccc161-debuginfo-9.11.22-3.22.1
libisccfg163-9.11.22-3.22.1
libisccfg163-debuginfo-9.11.22-3.22.1
liblwres161-9.11.22-3.22.1
liblwres161-debuginfo-9.11.22-3.22.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
libisc1107-32bit-9.11.22-3.22.1
libisc1107-debuginfo-32bit-9.11.22-3.22.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
bind-doc-9.11.22-3.22.1
python-bind-9.11.22-3.22.1
References:
https://www.suse.com/security/cve/CVE-2020-8622.html
https://www.suse.com/security/cve/CVE-2020-8623.html
https://www.suse.com/security/cve/CVE-2020-8624.html
https://bugzilla.suse.com/1092283
https://bugzilla.suse.com/1094236
https://bugzilla.suse.com/1127583
https://bugzilla.suse.com/1173983
https://bugzilla.suse.com/1175443
More information about the sle-updates
mailing list