Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.24461
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.24461
<patchinfo incident="24461"> <issue tracker="cve" id="2021-25219"/> <issue tracker="cve" id="2021-25220"/> <issue tracker="cve" id="2022-0396"/> <issue tracker="bnc" id="1192146">VUL-0: CVE-2021-25219: bind: Lame cache can be abused to severely degrade resolver performance</issue> <issue tracker="bnc" id="1197135">VUL-0: CVE-2021-25220: bind: forwarders maybe cached causing it to obtain and pass on potentially incorrect answers</issue> <issue tracker="bnc" id="1197136">VUL-0: CVE-2022-0396: bind: TCP connection slots could be consumed for an indefinite time frame</issue> <issue tracker="bnc" id="1199044">after upgrading 15.3 t o 15.4 via dup, a simple bind configuration doesnt start any more - named.prep error</issue> <issue tracker="bnc" id="1200685">bind: logrotation broken since dropping chroot</issue> <issue id="SLE-24600" tracker="jsc" /> <packager>jmoellers</packager> <rating>important</rating> <category>security</category> <summary>Security update for bind</summary> <description>This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver "createNamedConfInclude" in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor