Advisories ยป MGASA-2022-0388

Updated bind packages fix security vulnerability

Publication date: 23 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-2795 , CVE-2022-38177 , CVE-2022-38178


By flooding the target resolver with queries exploiting this flaw an
attacker can significantly impair the resolver's performance,
effectively denying legitimate clients access to the DNS resolution
service. (CVE-2022-2795)

By spoofing the target resolver with responses that have a malformed ECDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack
of resources. (CVE-2022-38177, CVE-2022-38178)