Overview

File _patchinfo of Package patchinfo.19428

<patchinfo incident="19428">
  <issue tracker="cve" id="2021-25214"/>
  <issue tracker="cve" id="2021-25216"/>
  <issue tracker="cve" id="2021-25215"/>
  <issue tracker="bnc" id="1181495">Partner-L3: MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled.</issue>
  <issue tracker="bnc" id="1185345">VUL-0: CVE-2021-25214, CVE-2021-25215, CVE-2021-25216: bind: three vulnerabilities</issue>
  <packager>jmoellers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) with FIPS enabled (bsc#1181495).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places