Advisories ยป MGASA-2022-0388

Updated bind packages fix security vulnerability

Publication date: 23 Oct 2022
Modification date: 23 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-2795 , CVE-2022-38177 , CVE-2022-38178

Description

By flooding the target resolver with queries exploiting this flaw an
attacker can significantly impair the resolver's performance,
effectively denying legitimate clients access to the DNS resolution
service. (CVE-2022-2795)

By spoofing the target resolver with responses that have a malformed ECDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack
of resources. (CVE-2022-38177, CVE-2022-38178)
                

References

SRPMS

8/core