Advisories » MGASA-2021-0560

Updated bind packages fix security vulnerability

Publication date: 19 Dec 2021
Modification date: 19 Dec 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-25219

Description

Updated bind packages fix security vulnerability:

Kishore Kumar Kothapalli discovered that the lame server cache in BIND,
a DNS server implementation, can be abused by an attacker to significantly
degrade resolver performance, resulting in denial of service (large delays
for responses for client queries and DNS timeouts on client hosts)
(CVE-2021-25219).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29427
• https://kb.isc.org/docs/cve-2021-25219
• https://www.debian.org/security/2021/dsa-4994
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219

SRPMS

8/core

• bind-9.11.36-1.1.mga8