Overview

File _patchinfo of Package patchinfo.11362

<patchinfo incident="11362">
  <issue tracker="bnc" id="1133185">VUL-0: CVE-2018-5743: bind: Limiting simultaneous TCP clients is ineffective</issue>
  <issue tracker="bnc" id="1118368">Please include proper dependencies in named.service against nss-lookup.target</issue>
  <issue tracker="bnc" id="1126069">VUL-0: CVE-2019-6465: bind: Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable.</issue>
  <issue tracker="bnc" id="1128220">re-add bind-fix-fips.patch which was mistakenly removed</issue>
  <issue tracker="bnc" id="1118367">Please add proper dependencies in lwresd.service against nss-lookup.target</issue>
  <issue tracker="bnc" id="1104129">VUL-1: CVE-2018-5740: bind: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named</issue>
  <issue tracker="bnc" id="1126068">VUL-0: CVE-2018-5745: bind: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys</issue>
  <issue tracker="bnc" id="1138687">VUL-0: CVE-2019-6471: bind: reachable assert in dispatch.c</issue>
  <issue tracker="cve" id="2019-6465"/>
  <issue tracker="cve" id="2018-5743"/>
  <issue tracker="cve" id="2019-6471"/>
  <issue tracker="cve" id="2018-5745"/>
  <issue tracker="cve" id="2018-5740"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

Security issues fixed:

- CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).
- CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)
- CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).
- CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).
- CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129).

Non-security issues fixed:

- Don't rely on /etc/insserv.conf anymore for proper dependencies against 
  nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368).
- Fix FIPS related regression (bsc#1128220).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places