Security update for bind SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3773-1 Final 1 1 2021-11-23T14:49:46Z current 2021-11-23T14:49:46Z 2021-11-23T14:49:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3773 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J67T6X7DSN2PDCNE3ENLU6MB6USV53JZ/ E-Mail link for openSUSE-SU-2021:3773-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1192146 SUSE Bug 1192146 https://www.suse.com/security/cve/CVE-2021-25219/ SUSE CVE CVE-2021-25219 page openSUSE Leap 15.3 bind-devel-32bit-9.16.6-12.57.1 libbind9-1600-32bit-9.16.6-12.57.1 libdns1605-32bit-9.16.6-12.57.1 libirs1601-32bit-9.16.6-12.57.1 libisc1606-32bit-9.16.6-12.57.1 libisccc1600-32bit-9.16.6-12.57.1 libisccfg1600-32bit-9.16.6-12.57.1 libns1604-32bit-9.16.6-12.57.1 bind-devel-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libbind9-1600-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libdns1605-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libirs1601-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libisc1606-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libisccc1600-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libisccfg1600-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 libns1604-32bit-9.16.6-12.57.1 as a component of openSUSE Leap 15.3 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. CVE-2021-25219 openSUSE Leap 15.3:bind-devel-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libbind9-1600-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libdns1605-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libirs1601-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libisc1606-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libisccc1600-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libisccfg1600-32bit-9.16.6-12.57.1 openSUSE Leap 15.3:libns1604-32bit-9.16.6-12.57.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J67T6X7DSN2PDCNE3ENLU6MB6USV53JZ/ https://www.suse.com/security/cve/CVE-2021-25219.html CVE-2021-25219 https://bugzilla.suse.com/1192146 SUSE Bug 1192146