MGASA-2022-0388
- Source
- https://advisories.mageia.org/MGASA-2022-0388.html
- Import Source
- https://advisories.mageia.org/MGASA-2022-0388.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2022-0388
- Related
- Published
- 2022-10-23T22:48:35Z
- Modified
- 2022-10-23T21:54:32Z
- Summary
- Updated bind packages fix security vulnerability
- Details
-
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795)
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177, CVE-2022-38178)
- References
-
- https://advisories.mageia.org/MGASA-2022-0388.html
- https://bugs.mageia.org/show_bug.cgi?id=30877
- https://kb.isc.org/docs/cve-2022-2795
- https://kb.isc.org/docs/cve-2022-38177
- https://kb.isc.org/docs/cve-2022-38178
- https://ubuntu.com/security/notices/USN-5626-1
- https://www.debian.org/lts/security/2022/dla-3138
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / bind
Package
- Name
- bind
- Purl
- pkg:rpm/mageia/bind?distro=mageia-8