Updated bind packages fix security vulnerabilities
Publication date: 23 Oct 2019Modification date: 23 Oct 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2018-5743 , CVE-2019-6471
Description
Updated bind packages fix security vulnerabilities
Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
Race condition when discarding malformed packets can cause bind to
exit with assertion failure (CVE-2019-6471)
In addition to those two security issues, this package releases also
fixes two additional issues:
- a missing conflict tag between old bind and bnew ind-utils subpackages,
preventing upgrade due to a file conflict
- missing root.key file, despite this one being refered in default
configuration
References
SRPMS
7/core
- bind-9.11.6-1.1.mga7