Mageia Advisory: MGASA-2021-0110 - Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability

Publication date: 04 Mar 2021
Modification date: 04 Mar 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2020-8625

Description

A buffer overflow vulnerability was discovered in the SPNEGO implementation
affecting the GSSAPI security policy negotiation in BIND, which could result in
denial of service (daemon crash), or potentially the execution of arbitrary
code (CVE-2020-8625).

The default configuration is not vulnerable to this issue, but it is if the
tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options are set.

References

https://bugs.mageia.org/show_bug.cgi?id=28394
https://kb.isc.org/docs/cve-2020-8625
https://www.debian.org/security/2021/dsa-4857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625

SRPMS

7/core

bind-9.11.6-1.3.mga7

8/core

bind-9.11.27-1.1.mga8

Advisories » MGASA-2021-0110

Updated bind packages fix security vulnerability

Description

References

SRPMS

7/core

8/core