Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-8623 (GCVE-0-2020-8623)
Vulnerability from cvelistv5 – Published: 2020-08-21 20:50 – Updated: 2024-09-17 03:19
VLAI?
EPSS
Title
A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
Summary
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
Severity ?
7.5 (High)
CWE
- If BIND is built with "--enable-native-pkcs11" then a specially crafted query for a zone signed with RSA can trigger an assertion failure. Affects BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2020-8623 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2020082… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4468-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2020/dsa-4752 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202008-19 | vendor-advisoryx_refsource_GENTOO |
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ISC | BIND9 |
Affected:
9.10.0 , < unspecified
(custom)
Affected: unspecified , < 9.11.22 (custom) Affected: 9.12.0 , < unspecified (custom) Affected: unspecified , < 9.16.6 (custom) Affected: 9.17.0 , < unspecified (custom) Affected: unspecified , < 9.17.4 (custom) Affected: 9.10.5-S1 , < Supported Preview* (custom) |
Date Public ?
2020-08-20 00:00
Credits
ISC would like to thank Lyu Chiy for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"name": "FEDORA-2020-a02b7a0f21",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"name": "USN-4468-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"name": "DSA-4752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"name": "FEDORA-2020-14c194e5af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"name": "GLSA-202008-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"name": "openSUSE-SU-2020:1699",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND9",
"vendor": "ISC",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.10.0",
"versionType": "custom"
},
{
"lessThan": "9.11.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.12.0",
"versionType": "custom"
},
{
"lessThan": "9.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.17.0",
"versionType": "custom"
},
{
"lessThan": "9.17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.11.22-S1",
"status": "unaffected"
}
],
"lessThan": "Supported Preview*",
"status": "affected",
"version": "9.10.5-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Lyu Chiy for bringing this vulnerability to our attention."
}
],
"datePublic": "2020-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker"
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "If BIND is built with \"--enable-native-pkcs11\" then a specially crafted query for a zone signed with RSA can trigger an assertion failure. Affects BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T11:06:36.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"name": "FEDORA-2020-a02b7a0f21",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"name": "USN-4468-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"name": "DSA-4752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"name": "FEDORA-2020-14c194e5af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"name": "GLSA-202008-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"name": "openSUSE-SU-2020:1699",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.22\n BIND 9.16.6\n BIND 9.17.4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.22-S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2020-08-20T18:35:08.000Z",
"ID": "CVE-2020-8623",
"STATE": "PUBLIC",
"TITLE": "A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.10.0"
},
{
"version_affected": "\u003c",
"version_value": "9.11.22"
},
{
"version_affected": "\u003e=",
"version_value": "9.12.0"
},
{
"version_affected": "\u003c",
"version_value": "9.16.6"
},
{
"version_affected": "\u003e=",
"version_value": "9.17.0"
},
{
"version_affected": "\u003c",
"version_value": "9.17.4"
},
{
"version_affected": "\u003e=",
"version_name": "Supported Preview",
"version_value": "9.10.5-S1"
},
{
"version_affected": "\u003c",
"version_name": "Supported Preview",
"version_value": "9.11.22-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Lyu Chiy for bringing this vulnerability to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker"
}
]
},
"exploit": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "If BIND is built with \"--enable-native-pkcs11\" then a specially crafted query for a zone signed with RSA can trigger an assertion failure. Affects BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2020-8623",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"name": "FEDORA-2020-a02b7a0f21",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200827-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"name": "USN-4468-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"name": "DSA-4752",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"name": "FEDORA-2020-14c194e5af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"name": "GLSA-202008-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_19",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"name": "openSUSE-SU-2020:1699",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.22\n BIND 9.16.6\n BIND 9.17.4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.22-S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2020-8623",
"datePublished": "2020-08-21T20:50:19.797Z",
"dateReserved": "2020-02-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:19:11.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-8623",
"date": "2026-05-25",
"epss": "0.18318",
"percentile": "0.95306"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.10.0\", \"versionEndIncluding\": \"9.11.21\", \"matchCriteriaId\": \"53A66988-89C6-4329-8850-18BFBB4C8C8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.12.1\", \"versionEndIncluding\": \"9.16.5\", \"matchCriteriaId\": \"DC734B51-6779-42C8-AE51-C4B92778AA64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.17.0\", \"versionEndIncluding\": \"9.17.3\", \"matchCriteriaId\": \"85031A21-4F54-4CE6-B0F3-66D09928FF3C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*\", \"matchCriteriaId\": \"CAD41122-C5D8-4256-8CB7-FF88DCD96A13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*\", \"matchCriteriaId\": \"5CC1F26C-4757-4C87-BD8B-2FA456A88C6F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2.2-5027\", \"matchCriteriaId\": \"54997147-2421-4DE2-9B7C-844D0DC89D20\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \\\"--enable-native-pkcs11\\\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker\"}, {\"lang\": \"es\", \"value\": \"En BIND versiones 9.10.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, tambi\\u00e9n afecta a versiones 9.10.5-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante que puede llegar a un sistema vulnerable con un paquete de consulta especialmente dise\\u00f1ado puede desencadenar un bloqueo. Para ser vulnerable, el sistema debe: * estar ejecutando BIND que fue creado con \\\"--enable-native-pkcs11\\\" * estar firmando una o m\\u00e1s zonas con una clave RSA * ser capaz de recibir consultas de un posible atacante\"}]",
"id": "CVE-2020-8623",
"lastModified": "2024-11-21T05:39:08.767",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-officer@isc.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-08-21T21:15:12.327",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://kb.isc.org/docs/cve-2020-8623\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202008-19\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200827-0003/\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4468-1/\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4752\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_19\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://kb.isc.org/docs/cve-2020-8623\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202008-19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200827-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4468-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4752\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_20_19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-617\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-8623\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2020-08-21T21:15:12.327\",\"lastModified\":\"2024-11-21T05:39:08.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \\\"--enable-native-pkcs11\\\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker\"},{\"lang\":\"es\",\"value\":\"En BIND versiones 9.10.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, tambi\u00e9n afecta a versiones 9.10.5-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante que puede llegar a un sistema vulnerable con un paquete de consulta especialmente dise\u00f1ado puede desencadenar un bloqueo. Para ser vulnerable, el sistema debe: * estar ejecutando BIND que fue creado con \\\"--enable-native-pkcs11\\\" * estar firmando una o m\u00e1s zonas con una clave RSA * ser capaz de recibir consultas de un posible atacante\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.10.0\",\"versionEndIncluding\":\"9.11.21\",\"matchCriteriaId\":\"53A66988-89C6-4329-8850-18BFBB4C8C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.12.1\",\"versionEndIncluding\":\"9.16.5\",\"matchCriteriaId\":\"DC734B51-6779-42C8-AE51-C4B92778AA64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.17.0\",\"versionEndIncluding\":\"9.17.3\",\"matchCriteriaId\":\"85031A21-4F54-4CE6-B0F3-66D09928FF3C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*\",\"matchCriteriaId\":\"CAD41122-C5D8-4256-8CB7-FF88DCD96A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*\",\"matchCriteriaId\":\"5CC1F26C-4757-4C87-BD8B-2FA456A88C6F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.2-5027\",\"matchCriteriaId\":\"54997147-2421-4DE2-9B7C-844D0DC89D20\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://kb.isc.org/docs/cve-2020-8623\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://security.gentoo.org/glsa/202008-19\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200827-0003/\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4468-1/\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4752\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_20_19\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://kb.isc.org/docs/cve-2020-8623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202008-19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200827-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4468-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_20_19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2020-AVI-523
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans BIND. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.11.22",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
},
{
"name": "CVE-2020-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8624"
},
{
"name": "CVE-2020-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8621"
},
{
"name": "CVE-2020-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8623"
},
{
"name": "CVE-2020-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8620"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-523",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8623 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8622 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8622"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8624 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8624"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8621 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8621"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8620 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8620"
}
]
}
CERTFR-2021-AVI-177
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 12.x antérieures à 12.1.5.3 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 13.x antérieures à 13.1.3.5 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 16.x antérieures à 16.0.0.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 11.x antérieures à 11.6.5.3 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 15.x antérieures à 15.1.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 14.x antérieures à 14.1.2.8 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 12.x ant\u00e9rieures \u00e0 12.1.5.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 13.x ant\u00e9rieures \u00e0 13.1.3.5",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 16.x ant\u00e9rieures \u00e0 16.0.0.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 11.x ant\u00e9rieures \u00e0 11.6.5.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 15.x ant\u00e9rieures \u00e0 15.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 14.x ant\u00e9rieures \u00e0 14.1.2.8",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2628",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2628"
},
{
"name": "CVE-2020-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8623"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 BIG-IP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 BIG-IP K82252291 du 10 mars 2021",
"url": "https://support.f5.com/csp/article/K82252291"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 BIG-IP K35453761 du 10 mars 2021",
"url": "https://support.f5.com/csp/article/K35453761"
}
]
}
CERTFR-2020-AVI-523
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans BIND. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.11.22",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
},
{
"name": "CVE-2020-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8624"
},
{
"name": "CVE-2020-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8621"
},
{
"name": "CVE-2020-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8623"
},
{
"name": "CVE-2020-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8620"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-523",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8623 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8622 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8622"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8624 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8624"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8621 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8621"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8620 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8620"
}
]
}
CERTFR-2021-AVI-177
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 12.x antérieures à 12.1.5.3 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 13.x antérieures à 13.1.3.5 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 16.x antérieures à 16.0.0.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 11.x antérieures à 11.6.5.3 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 15.x antérieures à 15.1.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 14.x antérieures à 14.1.2.8 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 12.x ant\u00e9rieures \u00e0 12.1.5.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 13.x ant\u00e9rieures \u00e0 13.1.3.5",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 16.x ant\u00e9rieures \u00e0 16.0.0.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 11.x ant\u00e9rieures \u00e0 11.6.5.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 15.x ant\u00e9rieures \u00e0 15.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) versions 14.x ant\u00e9rieures \u00e0 14.1.2.8",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2628",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2628"
},
{
"name": "CVE-2020-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8623"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 BIG-IP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 BIG-IP K82252291 du 10 mars 2021",
"url": "https://support.f5.com/csp/article/K82252291"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 BIG-IP K35453761 du 10 mars 2021",
"url": "https://support.f5.com/csp/article/K35453761"
}
]
}
BDU:2021-01693
Vulnerability from fstec - Published: 20.08.2020
VLAI Severity ?
Title
Уязвимость реализации сборки DNS-сервера с опцией «--enable-native-pkcs11» Bind9, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость реализации сборки DNS-сервера с опцией «--enable-native-pkcs11» Bind9 связана с недостатком механизма управлением привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании через отправку специально сформированных запросов DNS-зоны, подписанной ключом RSA
Severity ?
Vendor
Canonical Ltd., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Fedora Project, Internet Systems Consortium, АО «Концерн ВНИИНС», АО «ИВК»
Software Name
Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), OpenSUSE Leap, Fedora, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), BIND, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Альт 8 СП (запись в едином реестре российских программ №4305)
Software Version
16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 32 (Fedora), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), от 9.10.0 до 9.11.21 включительно (BIND), от 9.12.1 до 9.16.5 включительно (BIND), от 9.17.0 до 9.17.3 включительно (BIND), 1.0 (ОС ОН «Стрелец»), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Bind9:
https://kb.isc.org/docs/cve-2020-8623
Для Debian:
https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html
https://www.debian.org/security/2020/dsa-4752
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
Для Ubuntu:
https://ubuntu.com/security/notices/USN-4468-1
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/
Для Astra Linux:
Обновление программного обеспечения (пакета bind9) до 1:9.11.5.P4+dfsg-5.1+deb10u2 или более поздней версии
Или использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Для ОС ОН «Стрелец»:
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
Для ОС ОН «Стрелец»:
Обновление программного обеспечения bind9 до версии 1:9.10.3.dfsg.P4-12.3+deb9u12.strelets1
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://kb.isc.org/docs/cve-2020-8623
https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8623
https://security-tracker.debian.org/tracker/CVE-2020-8623
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
https://ubuntu.com/security/notices/USN-4468-1
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://www.debian.org/security/2020/dsa-4752
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-269
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, Internet Systems Consortium, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 32 (Fedora), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), \u043e\u0442 9.10.0 \u0434\u043e 9.11.21 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), \u043e\u0442 9.12.1 \u0434\u043e 9.16.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), \u043e\u0442 9.17.0 \u0434\u043e 9.17.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Bind9:\nhttps://kb.isc.org/docs/cve-2020-8623\n\n\u0414\u043b\u044f Debian:\nhttps://lists.debian.org/debian-lts-announce/2020/08/msg00053.html\nhttps://www.debian.org/security/2020/dsa-4752\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\nhttps://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4468-1\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 bind9) \u0434\u043e 1:9.11.5.P4+dfsg-5.1+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0418\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f bind9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:9.10.3.dfsg.P4-12.3+deb9u12.strelets1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.08.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.03.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01693",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8623",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), OpenSUSE Leap, Fedora, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), BIND, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 32 , Canonical Ltd. Ubuntu 20.04 LTS , Novell Inc. OpenSUSE Leap 15.2 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0431\u043e\u0440\u043a\u0438 DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u043e\u043f\u0446\u0438\u0435\u0439 \u00ab--enable-native-pkcs11\u00bb Bind9, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0431\u043e\u0440\u043a\u0438 DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u043e\u043f\u0446\u0438\u0435\u0439 \u00ab--enable-native-pkcs11\u00bb Bind9 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 DNS-\u0437\u043e\u043d\u044b, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u043a\u043b\u044e\u0447\u043e\u043c RSA",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.isc.org/docs/cve-2020-8623\nhttps://lists.debian.org/debian-lts-announce/2020/08/msg00053.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/\nhttps://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\nhttps://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8623\nhttps://security-tracker.debian.org/tracker/CVE-2020-8623\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://ubuntu.com/security/notices/USN-4468-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://www.debian.org/security/2020/dsa-4752\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}
FKIE_CVE-2020-8623
Vulnerability from fkie_nvd - Published: 2020-08-21 21:15 - Updated: 2024-11-21 05:39
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | bind | * | |
| isc | bind | * | |
| isc | bind | * | |
| isc | bind | 9.10.5 | |
| isc | bind | 9.11.21 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| synology | dns_server | * | |
| netapp | steelstore_cloud_integrated_storage | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53A66988-89C6-4329-8850-18BFBB4C8C8B",
"versionEndIncluding": "9.11.21",
"versionStartIncluding": "9.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC734B51-6779-42C8-AE51-C4B92778AA64",
"versionEndIncluding": "9.16.5",
"versionStartIncluding": "9.12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85031A21-4F54-4CE6-B0F3-66D09928FF3C",
"versionEndIncluding": "9.17.3",
"versionStartIncluding": "9.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "CAD41122-C5D8-4256-8CB7-FF88DCD96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54997147-2421-4DE2-9B7C-844D0DC89D20",
"versionEndExcluding": "2.2.2-5027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker"
},
{
"lang": "es",
"value": "En BIND versiones 9.10.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, tambi\u00e9n afecta a versiones 9.10.5-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante que puede llegar a un sistema vulnerable con un paquete de consulta especialmente dise\u00f1ado puede desencadenar un bloqueo. Para ser vulnerable, el sistema debe: * estar ejecutando BIND que fue creado con \"--enable-native-pkcs11\" * estar firmando una o m\u00e1s zonas con una clave RSA * ser capaz de recibir consultas de un posible atacante"
}
],
"id": "CVE-2020-8623",
"lastModified": "2024-11-21T05:39:08.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T21:15:12.327",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
},
{
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3HH5-H95J-2CW7
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26
VLAI?
Details
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2020-8623"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
"id": "GHSA-3hh5-h95j-2cw7",
"modified": "2022-05-24T17:26:23Z",
"published": "2022-05-24T17:26:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8623"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4468-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-8623
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8623",
"description": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
"id": "GSD-2020-8623",
"references": [
"https://www.suse.com/security/cve/CVE-2020-8623.html",
"https://www.debian.org/security/2020/dsa-4752",
"https://access.redhat.com/errata/RHSA-2020:5203",
"https://access.redhat.com/errata/RHSA-2020:5011",
"https://access.redhat.com/errata/RHSA-2020:4992",
"https://access.redhat.com/errata/RHSA-2020:4500",
"https://ubuntu.com/security/CVE-2020-8623",
"https://linux.oracle.com/cve/CVE-2020-8623.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8623"
],
"details": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
"id": "GSD-2020-8623",
"modified": "2023-12-13T01:21:54.362788Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2020-08-20T18:35:08.000Z",
"ID": "CVE-2020-8623",
"STATE": "PUBLIC",
"TITLE": "A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.10.0"
},
{
"version_affected": "\u003c",
"version_value": "9.11.22"
},
{
"version_affected": "\u003e=",
"version_value": "9.12.0"
},
{
"version_affected": "\u003c",
"version_value": "9.16.6"
},
{
"version_affected": "\u003e=",
"version_value": "9.17.0"
},
{
"version_affected": "\u003c",
"version_value": "9.17.4"
},
{
"version_affected": "\u003e=",
"version_name": "Supported Preview",
"version_value": "9.10.5-S1"
},
{
"version_affected": "\u003c",
"version_name": "Supported Preview",
"version_value": "9.11.22-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Lyu Chiy for bringing this vulnerability to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "We are not aware of any active exploits."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "If BIND is built with \"--enable-native-pkcs11\" then a specially crafted query for a zone signed with RSA can trigger an assertion failure. Affects BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2020-8623",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"name": "FEDORA-2020-a02b7a0f21",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200827-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"name": "USN-4468-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"name": "DSA-4752",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"name": "FEDORA-2020-14c194e5af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"name": "GLSA-202008-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_19",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"name": "openSUSE-SU-2020:1699",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.22\n BIND 9.16.6\n BIND 9.17.4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.22-S1\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "No workarounds known."
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.11.21",
"versionStartIncluding": "9.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.16.5",
"versionStartIncluding": "9.12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.17.3",
"versionStartIncluding": "9.17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2-5027",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"ID": "CVE-2020-8623"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2020-8623",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"name": "FEDORA-2020-a02b7a0f21",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200827-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"name": "USN-4468-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"name": "DSA-4752",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"name": "FEDORA-2020-14c194e5af",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_19",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"name": "GLSA-202008-19",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"name": "openSUSE-SU-2020:1699",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-28T18:27Z",
"publishedDate": "2020-08-21T21:15Z"
}
}
}
MSRC_CVE-2020-8623
Vulnerability from csaf_microsoft - Published: 2020-08-02 00:00 - Updated: 2020-08-26 00:00Summary
A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-8623 A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-8623.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c",
"tracking": {
"current_release_date": "2020-08-26T00:00:00.000Z",
"generator": {
"date": "2025-10-19T18:03:13.170Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-8623",
"initial_release_date": "2020-08-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-08-26T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 bind 9.16.3-2",
"product": {
"name": "\u003ccm1 bind 9.16.3-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 bind 9.16.3-2",
"product": {
"name": "cm1 bind 9.16.3-2",
"product_id": "19172"
}
}
],
"category": "product_name",
"name": "bind"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 bind 9.16.3-2 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 bind 9.16.3-2 as a component of CBL Mariner 1.0",
"product_id": "19172-16820"
},
"product_reference": "19172",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8623",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "general",
"text": "isc",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19172-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-8623 A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-8623.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-26T00:00:00.000Z",
"details": "9.16.3-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c"
}
]
}
OPENSUSE-SU-2020:1699-1
Vulnerability from csaf_opensuse - Published: 2020-10-19 18:22 - Updated: 2020-10-19 18:22Summary
Security update for bind
Severity
Moderate
Notes
Title of the patch: Security update for bind
Description of the patch: This update for bind fixes the following issues:
BIND was upgraded to version 9.16.6:
Note:
- bind is now more strict in regards to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a namserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
Fixing security issues:
- CVE-2020-8616: Further limit the number of queries that can be triggered from
a request. Root and TLD servers are no longer exempt
from max-recursion-queries. Fetches for missing name server. (bsc#1171740)
Address records are limited to 4 for any domain.
- CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an
assertion failure. (bsc#1171740)
- CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass
the tcp-clients limit (bsc#1157051).
- CVE-2018-5741: Fixed the documentation (bsc#1109160).
- CVE-2020-8618: It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer (bsc#1172958).
- CVE-2020-8619: It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone content
and query patterns (bsc#1172958).
- CVE-2020-8624: 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM (bsc#1175443).
- CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet (bsc#1175443).
- CVE-2020-8621: named could crash in certain query resolution scenarios
where QNAME minimization and forwarding were both
enabled (bsc#1175443).
- CVE-2020-8620: It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message (bsc#1175443).
- CVE-2020-8622: It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request (bsc#1175443).
Other issues fixed:
- Add engine support to OpenSSL EdDSA implementation.
- Add engine support to OpenSSL ECDSA implementation.
- Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
- Warn about AXFR streams with inconsistent message IDs.
- Make ISC rwlock implementation the default again.
- Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)
- Installed the default files in /var/lib/named and created
chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)
- Fixed an issue where bind was not working in FIPS mode (bsc#906079).
- Fixed dependency issues (bsc#1118367 and bsc#1118368).
- GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).
- Fixed an issue with FIPS (bsc#1128220).
- The liblwres library is discontinued upstream and is no longer included.
- Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713).
- Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.
- The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.
- Zone timers are now exported via statistics channel.
- The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.
- 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>.
- Add 'rndc dnssec -status' command.
- Addressed a couple of situations where named could crash.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
so that named, being a/the only member of the 'named' group
has full r/w access yet cannot change directories owned by root
in the case of a compromized named.
[bsc#1173307, bind-chrootenv.conf]
- Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).
- Removed '-r /dev/urandom' from all invocations of rndc-confgen
(init/named system/lwresd.init system/named.init in vendor-files)
as this option is deprecated and causes rndc-confgen to fail.
(bsc#1173311, bsc#1176674, bsc#1170713)
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
of /usr/sbin/dnssec-keygen as BIND now uses the random number
functions provided by the crypto library (i.e., OpenSSL or a
PKCS#11 provider) as a source of randomness rather than /dev/random.
Therefore the -r command line option no longer has any effect on
dnssec-keygen. Leaving the option in genDDNSkey as to not break
compatibility. Patch provided by Stefan Eisenwiener.
[bsc#1171313]
- Put libns into a separate subpackage to avoid file conflicts
in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
systemd context as well as legacy sysv, make use of start_daemon.
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2020-1699
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.9 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.9 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
76 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bind",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bind fixes the following issues:\n\nBIND was upgraded to version 9.16.6:\n\nNote:\n\n- bind is now more strict in regards to DNSSEC. If queries are not working,\n check for DNSSEC issues. For instance, if bind is used in a namserver\n forwarder chain, the forwarding DNS servers must support DNSSEC.\n\nFixing security issues:\n\n- CVE-2020-8616: Further limit the number of queries that can be triggered from\n a request. Root and TLD servers are no longer exempt\n from max-recursion-queries. Fetches for missing name server. (bsc#1171740)\n Address records are limited to 4 for any domain.\n- CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an\n assertion failure. (bsc#1171740)\n- CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass \n the tcp-clients limit (bsc#1157051).\n- CVE-2018-5741: Fixed the documentation (bsc#1109160).\n- CVE-2020-8618: It was possible to trigger an INSIST when determining\n whether a record would fit into a TCP message buffer (bsc#1172958).\n- CVE-2020-8619: It was possible to trigger an INSIST in\n lib/dns/rbtdb.c:new_reference() with a particular zone content\n and query patterns (bsc#1172958).\n- CVE-2020-8624: \u0027update-policy\u0027 rules of type \u0027subdomain\u0027 were\n incorrectly treated as \u0027zonesub\u0027 rules, which allowed\n keys used in \u0027subdomain\u0027 rules to update names outside\n of the specified subdomains. The problem was fixed by\n making sure \u0027subdomain\u0027 rules are again processed as\n described in the ARM (bsc#1175443).\n- CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it\n was possible to trigger an assertion failure in code\n determining the number of bits in the PKCS#11 RSA public\n key with a specially crafted packet (bsc#1175443).\n- CVE-2020-8621: named could crash in certain query resolution scenarios\n where QNAME minimization and forwarding were both\n enabled (bsc#1175443).\n- CVE-2020-8620: It was possible to trigger an assertion failure by\n sending a specially crafted large TCP DNS message (bsc#1175443).\n- CVE-2020-8622: It was possible to trigger an assertion failure when\n verifying the response to a TSIG-signed request (bsc#1175443).\n\nOther issues fixed:\n\n- Add engine support to OpenSSL EdDSA implementation.\n- Add engine support to OpenSSL ECDSA implementation.\n- Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n- Warn about AXFR streams with inconsistent message IDs.\n- Make ISC rwlock implementation the default again.\n- Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n- Installed the default files in /var/lib/named and created \n chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)\n- Fixed an issue where bind was not working in FIPS mode (bsc#906079).\n- Fixed dependency issues (bsc#1118367 and bsc#1118368).\n- GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n- Fixed an issue with FIPS (bsc#1128220).\n- The liblwres library is discontinued upstream and is no longer included.\n- Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713).\n- Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.\n- The default value of \u0027max-stale-ttl\u0027 has been changed from 1 week to 12 hours.\n- Zone timers are now exported via statistics channel.\n- The \u0027primary\u0027 and \u0027secondary\u0027 keywords, when used as parameters for \u0027check-names\u0027, were not processed correctly and were being ignored.\n- \u0027rndc dnstap -roll \u003cvalue\u003e\u0027 did not limit the number of saved files to \u003cvalue\u003e.\n- Add \u0027rndc dnssec -status\u0027 command.\n- Addressed a couple of situations where named could crash.\n- Changed /var/lib/named to owner root:named and perms rwxrwxr-t\n so that named, being a/the only member of the \u0027named\u0027 group\n has full r/w access yet cannot change directories owned by root\n in the case of a compromized named.\n [bsc#1173307, bind-chrootenv.conf]\n- Added \u0027/etc/bind.keys\u0027 to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).\n- Removed \u0027-r /dev/urandom\u0027 from all invocations of rndc-confgen\n (init/named system/lwresd.init system/named.init in vendor-files)\n as this option is deprecated and causes rndc-confgen to fail.\n (bsc#1173311, bsc#1176674, bsc#1170713)\n- /usr/bin/genDDNSkey: Removing the use of the -r option in the call\n of /usr/sbin/dnssec-keygen as BIND now uses the random number\n functions provided by the crypto library (i.e., OpenSSL or a\n PKCS#11 provider) as a source of randomness rather than /dev/random.\n Therefore the -r command line option no longer has any effect on\n dnssec-keygen. Leaving the option in genDDNSkey as to not break\n compatibility. Patch provided by Stefan Eisenwiener.\n [bsc#1171313]\n- Put libns into a separate subpackage to avoid file conflicts\n in the libisc subpackage due to different sonums (bsc#1176092).\n- Require /sbin/start_daemon: both init scripts, the one used in\n systemd context as well as legacy sysv, make use of start_daemon.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1699",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1699-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1699-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VUOYW2V65CJWOTYJHZKJDB23QXG7SODU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1699-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VUOYW2V65CJWOTYJHZKJDB23QXG7SODU/"
},
{
"category": "self",
"summary": "SUSE Bug 1100369",
"url": "https://bugzilla.suse.com/1100369"
},
{
"category": "self",
"summary": "SUSE Bug 1109160",
"url": "https://bugzilla.suse.com/1109160"
},
{
"category": "self",
"summary": "SUSE Bug 1118367",
"url": "https://bugzilla.suse.com/1118367"
},
{
"category": "self",
"summary": "SUSE Bug 1118368",
"url": "https://bugzilla.suse.com/1118368"
},
{
"category": "self",
"summary": "SUSE Bug 1128220",
"url": "https://bugzilla.suse.com/1128220"
},
{
"category": "self",
"summary": "SUSE Bug 1156205",
"url": "https://bugzilla.suse.com/1156205"
},
{
"category": "self",
"summary": "SUSE Bug 1157051",
"url": "https://bugzilla.suse.com/1157051"
},
{
"category": "self",
"summary": "SUSE Bug 1161168",
"url": "https://bugzilla.suse.com/1161168"
},
{
"category": "self",
"summary": "SUSE Bug 1170667",
"url": "https://bugzilla.suse.com/1170667"
},
{
"category": "self",
"summary": "SUSE Bug 1170713",
"url": "https://bugzilla.suse.com/1170713"
},
{
"category": "self",
"summary": "SUSE Bug 1171313",
"url": "https://bugzilla.suse.com/1171313"
},
{
"category": "self",
"summary": "SUSE Bug 1171740",
"url": "https://bugzilla.suse.com/1171740"
},
{
"category": "self",
"summary": "SUSE Bug 1172958",
"url": "https://bugzilla.suse.com/1172958"
},
{
"category": "self",
"summary": "SUSE Bug 1173307",
"url": "https://bugzilla.suse.com/1173307"
},
{
"category": "self",
"summary": "SUSE Bug 1173311",
"url": "https://bugzilla.suse.com/1173311"
},
{
"category": "self",
"summary": "SUSE Bug 1173983",
"url": "https://bugzilla.suse.com/1173983"
},
{
"category": "self",
"summary": "SUSE Bug 1175443",
"url": "https://bugzilla.suse.com/1175443"
},
{
"category": "self",
"summary": "SUSE Bug 1176092",
"url": "https://bugzilla.suse.com/1176092"
},
{
"category": "self",
"summary": "SUSE Bug 1176674",
"url": "https://bugzilla.suse.com/1176674"
},
{
"category": "self",
"summary": "SUSE Bug 906079",
"url": "https://bugzilla.suse.com/906079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3136 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5741 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6477 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8616 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8617 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8618 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8619 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8620 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8621 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8622 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8623 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8624 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8624/"
}
],
"title": "Security update for bind",
"tracking": {
"current_release_date": "2020-10-19T18:22:55Z",
"generator": {
"date": "2020-10-19T18:22:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1699-1",
"initial_release_date": "2020-10-19T18:22:55Z",
"revision_history": [
{
"date": "2020-10-19T18:22:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bind-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "bind-9.16.6-lp152.14.3.1.i586",
"product_id": "bind-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"product_id": "bind-chrootenv-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "bind-devel-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "bind-devel-9.16.6-lp152.14.3.1.i586",
"product_id": "bind-devel-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "bind-utils-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "bind-utils-9.16.6-lp152.14.3.1.i586",
"product_id": "bind-utils-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libbind9-1600-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libbind9-1600-9.16.6-lp152.14.3.1.i586",
"product_id": "libbind9-1600-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libdns1605-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libdns1605-9.16.6-lp152.14.3.1.i586",
"product_id": "libdns1605-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libirs-devel-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libirs-devel-9.16.6-lp152.14.3.1.i586",
"product_id": "libirs-devel-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libirs1601-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libirs1601-9.16.6-lp152.14.3.1.i586",
"product_id": "libirs1601-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libisc1606-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libisc1606-9.16.6-lp152.14.3.1.i586",
"product_id": "libisc1606-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libisccc1600-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libisccc1600-9.16.6-lp152.14.3.1.i586",
"product_id": "libisccc1600-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libisccfg1600-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libisccfg1600-9.16.6-lp152.14.3.1.i586",
"product_id": "libisccfg1600-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libns1604-9.16.6-lp152.14.3.1.i586",
"product": {
"name": "libns1604-9.16.6-lp152.14.3.1.i586",
"product_id": "libns1604-9.16.6-lp152.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "libuv-devel-1.18.0-lp152.4.3.1.i586",
"product": {
"name": "libuv-devel-1.18.0-lp152.4.3.1.i586",
"product_id": "libuv-devel-1.18.0-lp152.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libuv1-1.18.0-lp152.4.3.1.i586",
"product": {
"name": "libuv1-1.18.0-lp152.4.3.1.i586",
"product_id": "libuv1-1.18.0-lp152.4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-doc-9.16.6-lp152.14.3.1.noarch",
"product": {
"name": "bind-doc-9.16.6-lp152.14.3.1.noarch",
"product_id": "bind-doc-9.16.6-lp152.14.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-bind-9.16.6-lp152.14.3.1.noarch",
"product": {
"name": "python3-bind-9.16.6-lp152.14.3.1.noarch",
"product_id": "python3-bind-9.16.6-lp152.14.3.1.noarch"
}
},
{
"category": "product_version",
"name": "sysuser-shadow-2.0-lp152.5.3.1.noarch",
"product": {
"name": "sysuser-shadow-2.0-lp152.5.3.1.noarch",
"product_id": "sysuser-shadow-2.0-lp152.5.3.1.noarch"
}
},
{
"category": "product_version",
"name": "sysuser-tools-2.0-lp152.5.3.1.noarch",
"product": {
"name": "sysuser-tools-2.0-lp152.5.3.1.noarch",
"product_id": "sysuser-tools-2.0-lp152.5.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "bind-9.16.6-lp152.14.3.1.x86_64",
"product_id": "bind-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"product_id": "bind-chrootenv-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-devel-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "bind-devel-9.16.6-lp152.14.3.1.x86_64",
"product_id": "bind-devel-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "bind-utils-9.16.6-lp152.14.3.1.x86_64",
"product_id": "bind-utils-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libbind9-1600-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libdns1605-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libdns1605-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libdns1605-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libirs-devel-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libirs1601-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libirs1601-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libirs1601-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libisc1606-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libisc1606-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libisc1606-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libisccc1600-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libisccfg1600-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libns1604-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libns1604-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libns1604-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"product": {
"name": "libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"product_id": "libns1604-32bit-9.16.6-lp152.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"product": {
"name": "libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"product_id": "libuv-devel-1.18.0-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libuv1-1.18.0-lp152.4.3.1.x86_64",
"product": {
"name": "libuv1-1.18.0-lp152.4.3.1.x86_64",
"product_id": "libuv1-1.18.0-lp152.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"product": {
"name": "libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"product_id": "libuv1-32bit-1.18.0-lp152.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "bind-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "bind-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-chrootenv-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-chrootenv-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-devel-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "bind-devel-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-devel-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "bind-devel-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.16.6-lp152.14.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch"
},
"product_reference": "bind-doc-9.16.6-lp152.14.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "bind-utils-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "bind-utils-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbind9-1600-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libbind9-1600-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbind9-1600-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdns1605-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libdns1605-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdns1605-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libdns1605-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libirs-devel-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libirs-devel-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libirs-devel-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libirs1601-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libirs1601-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libirs1601-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libirs1601-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisc1606-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libisc1606-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisc1606-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libisc1606-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisccc1600-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libisccc1600-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisccc1600-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisccfg1600-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libisccfg1600-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisccfg1600-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libns1604-9.16.6-lp152.14.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586"
},
"product_reference": "libns1604-9.16.6-lp152.14.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libns1604-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libns1604-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libns1604-32bit-9.16.6-lp152.14.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64"
},
"product_reference": "libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuv-devel-1.18.0-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586"
},
"product_reference": "libuv-devel-1.18.0-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuv-devel-1.18.0-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64"
},
"product_reference": "libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuv1-1.18.0-lp152.4.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586"
},
"product_reference": "libuv1-1.18.0-lp152.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuv1-1.18.0-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64"
},
"product_reference": "libuv1-1.18.0-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuv1-32bit-1.18.0-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64"
},
"product_reference": "libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-bind-9.16.6-lp152.14.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch"
},
"product_reference": "python3-bind-9.16.6-lp152.14.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sysuser-shadow-2.0-lp152.5.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch"
},
"product_reference": "sysuser-shadow-2.0-lp152.5.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sysuser-tools-2.0-lp152.5.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
},
"product_reference": "sysuser-tools-2.0-lp152.5.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3136"
}
],
"notes": [
{
"category": "general",
"text": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3136",
"url": "https://www.suse.com/security/cve/CVE-2017-3136"
},
{
"category": "external",
"summary": "SUSE Bug 1018700 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1018700"
},
{
"category": "external",
"summary": "SUSE Bug 1018701 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1018701"
},
{
"category": "external",
"summary": "SUSE Bug 1018702 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1018702"
},
{
"category": "external",
"summary": "SUSE Bug 1024130 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1024130"
},
{
"category": "external",
"summary": "SUSE Bug 1033461 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1033461"
},
{
"category": "external",
"summary": "SUSE Bug 1033466 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1033466"
},
{
"category": "external",
"summary": "SUSE Bug 1081545 for CVE-2017-3136",
"url": "https://bugzilla.suse.com/1081545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2017-3136"
},
{
"cve": "CVE-2018-5741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5741"
}
],
"notes": [
{
"category": "general",
"text": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5741",
"url": "https://www.suse.com/security/cve/CVE-2018-5741"
},
{
"category": "external",
"summary": "SUSE Bug 1109160 for CVE-2018-5741",
"url": "https://bugzilla.suse.com/1109160"
},
{
"category": "external",
"summary": "SUSE Bug 1171740 for CVE-2018-5741",
"url": "https://bugzilla.suse.com/1171740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-5741"
},
{
"cve": "CVE-2019-6477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6477"
}
],
"notes": [
{
"category": "general",
"text": "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6477",
"url": "https://www.suse.com/security/cve/CVE-2019-6477"
},
{
"category": "external",
"summary": "SUSE Bug 1157051 for CVE-2019-6477",
"url": "https://bugzilla.suse.com/1157051"
},
{
"category": "external",
"summary": "SUSE Bug 1197136 for CVE-2019-6477",
"url": "https://bugzilla.suse.com/1197136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2019-6477"
},
{
"cve": "CVE-2020-8616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8616"
}
],
"notes": [
{
"category": "general",
"text": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8616",
"url": "https://www.suse.com/security/cve/CVE-2020-8616"
},
{
"category": "external",
"summary": "SUSE Bug 1109160 for CVE-2020-8616",
"url": "https://bugzilla.suse.com/1109160"
},
{
"category": "external",
"summary": "SUSE Bug 1171740 for CVE-2020-8616",
"url": "https://bugzilla.suse.com/1171740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2020-8616"
},
{
"cve": "CVE-2020-8617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8617"
}
],
"notes": [
{
"category": "general",
"text": "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8617",
"url": "https://www.suse.com/security/cve/CVE-2020-8617"
},
{
"category": "external",
"summary": "SUSE Bug 1109160 for CVE-2020-8617",
"url": "https://bugzilla.suse.com/1109160"
},
{
"category": "external",
"summary": "SUSE Bug 1171740 for CVE-2020-8617",
"url": "https://bugzilla.suse.com/1171740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2020-8617"
},
{
"cve": "CVE-2020-8618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8618"
}
],
"notes": [
{
"category": "general",
"text": "An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8618",
"url": "https://www.suse.com/security/cve/CVE-2020-8618"
},
{
"category": "external",
"summary": "SUSE Bug 1172958 for CVE-2020-8618",
"url": "https://bugzilla.suse.com/1172958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2020-8618"
},
{
"cve": "CVE-2020-8619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8619"
}
],
"notes": [
{
"category": "general",
"text": "In ISC BIND9 versions BIND 9.11.14 -\u003e 9.11.19, BIND 9.14.9 -\u003e 9.14.12, BIND 9.16.0 -\u003e 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -\u003e 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8619",
"url": "https://www.suse.com/security/cve/CVE-2020-8619"
},
{
"category": "external",
"summary": "SUSE Bug 1172958 for CVE-2020-8619",
"url": "https://bugzilla.suse.com/1172958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "moderate"
}
],
"title": "CVE-2020-8619"
},
{
"cve": "CVE-2020-8620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8620"
}
],
"notes": [
{
"category": "general",
"text": "In BIND 9.15.6 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8620",
"url": "https://www.suse.com/security/cve/CVE-2020-8620"
},
{
"category": "external",
"summary": "SUSE Bug 1175443 for CVE-2020-8620",
"url": "https://bugzilla.suse.com/1175443"
},
{
"category": "external",
"summary": "SUSE Bug 1191120 for CVE-2020-8620",
"url": "https://bugzilla.suse.com/1191120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2020-8620"
},
{
"cve": "CVE-2020-8621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8621"
}
],
"notes": [
{
"category": "general",
"text": "In BIND 9.14.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, If a server is configured with both QNAME minimization and \u0027forward first\u0027 then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that \u0027forward only\u0027 are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8621",
"url": "https://www.suse.com/security/cve/CVE-2020-8621"
},
{
"category": "external",
"summary": "SUSE Bug 1175443 for CVE-2020-8621",
"url": "https://bugzilla.suse.com/1175443"
},
{
"category": "external",
"summary": "SUSE Bug 1191120 for CVE-2020-8621",
"url": "https://bugzilla.suse.com/1191120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2020-8621"
},
{
"cve": "CVE-2020-8622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8622"
}
],
"notes": [
{
"category": "general",
"text": "In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8622",
"url": "https://www.suse.com/security/cve/CVE-2020-8622"
},
{
"category": "external",
"summary": "SUSE Bug 1175443 for CVE-2020-8622",
"url": "https://bugzilla.suse.com/1175443"
},
{
"category": "external",
"summary": "SUSE Bug 1188888 for CVE-2020-8622",
"url": "https://bugzilla.suse.com/1188888"
},
{
"category": "external",
"summary": "SUSE Bug 1191120 for CVE-2020-8622",
"url": "https://bugzilla.suse.com/1191120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2020-8622"
},
{
"cve": "CVE-2020-8623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8623"
}
],
"notes": [
{
"category": "general",
"text": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8623",
"url": "https://www.suse.com/security/cve/CVE-2020-8623"
},
{
"category": "external",
"summary": "SUSE Bug 1175443 for CVE-2020-8623",
"url": "https://bugzilla.suse.com/1175443"
},
{
"category": "external",
"summary": "SUSE Bug 1191120 for CVE-2020-8623",
"url": "https://bugzilla.suse.com/1191120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2020-8623"
},
{
"cve": "CVE-2020-8624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8624"
}
],
"notes": [
{
"category": "general",
"text": "In BIND 9.9.12 -\u003e 9.9.13, 9.10.7 -\u003e 9.10.8, 9.11.3 -\u003e 9.11.21, 9.12.1 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.12-S1 -\u003e 9.9.13-S1, 9.11.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone\u0027s content could abuse these unintended additional privileges to update other contents of the zone.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8624",
"url": "https://www.suse.com/security/cve/CVE-2020-8624"
},
{
"category": "external",
"summary": "SUSE Bug 1175443 for CVE-2020-8624",
"url": "https://bugzilla.suse.com/1175443"
},
{
"category": "external",
"summary": "SUSE Bug 1191120 for CVE-2020-8624",
"url": "https://bugzilla.suse.com/1191120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-chrootenv-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:bind-doc-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:bind-utils-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libbind9-1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libdns1605-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs-devel-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libirs1601-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisc1606-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccc1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libisccfg1600-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-32bit-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.i586",
"openSUSE Leap 15.2:libns1604-9.16.6-lp152.14.3.1.x86_64",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv-devel-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.i586",
"openSUSE Leap 15.2:libuv1-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:libuv1-32bit-1.18.0-lp152.4.3.1.x86_64",
"openSUSE Leap 15.2:python3-bind-9.16.6-lp152.14.3.1.noarch",
"openSUSE Leap 15.2:sysuser-shadow-2.0-lp152.5.3.1.noarch",
"openSUSE Leap 15.2:sysuser-tools-2.0-lp152.5.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-19T18:22:55Z",
"details": "important"
}
],
"title": "CVE-2020-8624"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…