MGASA-2019-0299

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0299.html

Import Source

https://advisories.mageia.org/MGASA-2019-0299.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0299

Related

Published

2019-10-23T21:06:40Z

Modified

2019-10-23T19:40:30Z

Summary

Updated bind packages fix security vulnerabilities

Details

Updated bind packages fix security vulnerabilities

Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)

Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471)

In addition to those two security issues, this package releases also fixes two additional issues: - a missing conflict tag between old bind and bnew ind-utils subpackages, preventing upgrade due to a file conflict - missing root.key file, despite this one being refered in default configuration

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / bind

Package

Name: bind
Purl: pkg:rpm/mageia/bind?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.11.6-1.1.mga7

Ecosystem specific

{
    "section": "core"
}