Overview

File _patchinfo of Package patchinfo.27569

<patchinfo incident="27569">
  <issue tracker="cve" id="2022-3924"/>
  <issue tracker="cve" id="2022-3094"/>
  <issue tracker="cve" id="2022-3736"/>
  <issue tracker="bnc" id="1207473">VUL-0: CVE-2022-3736: bind: named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries</issue>
  <issue tracker="bnc" id="1207475">VUL-0: CVE-2022-3924: bind: named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota</issue>
  <issue tracker="bnc" id="1207471">VUL-0: CVE-2022-3094: bind: An UPDATE message flood may cause named to exhaust all available memory</issue>
  <issue tracker="jsc" id="SLE-24600"/>
  <packager>jcronenberg</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

- Updated to version 9.16.37 (jsc#SLE-24600):
  - CVE-2022-3094: Fixed an issue where a message flood could exhaust
    all available memory (bsc#1207471).
  - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in
    configurations with stale cache and stale answers enabled and
    stale-answer-client-timeout set to a positive value (bsc#1207473).
  - CVE-2022-3924: Fixed a potential crash upon reaching the
    recursive-clients soft quota in configurations with stale answers
    enabled and stale-answer-client-timeout set to a positive value
    (bsc#1207475).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places