Security update for bind SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:1914-1 Final 1 1 2020-07-15T07:34:08Z current 2020-07-15T07:34:08Z 2020-07-15T07:34:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2020-1914,SUSE-2020-1914,SUSE-OpenStack-Cloud-7-2020-1914,SUSE-OpenStack-Cloud-8-2020-1914,SUSE-OpenStack-Cloud-Crowbar-8-2020-1914,SUSE-SLE-SAP-12-SP2-2020-1914,SUSE-SLE-SAP-12-SP3-2020-1914,SUSE-SLE-SERVER-12-SP2-2020-1914,SUSE-SLE-SERVER-12-SP2-BCL-2020-1914,SUSE-SLE-SERVER-12-SP3-2020-1914,SUSE-SLE-SERVER-12-SP3-BCL-2020-1914,SUSE-Storage-5-2020-1914 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20201914-1/ Link for SUSE-SU-2020:1914-1 https://lists.suse.com/pipermail/sle-security-updates/2020-July/007135.html E-Mail link for SUSE-SU-2020:1914-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1118367 SUSE Bug 1118367 https://bugzilla.suse.com/1118368 SUSE Bug 1118368 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 https://www.suse.com/security/cve/CVE-2018-5741/ SUSE CVE CVE-2018-5741 page https://www.suse.com/security/cve/CVE-2020-8616/ SUSE CVE CVE-2020-8616 page https://www.suse.com/security/cve/CVE-2020-8617/ SUSE CVE CVE-2020-8617 page HPE Helion OpenStack 8 SUSE Enterprise Storage 5 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-doc-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-devel-9.9.9P1-63.17.1 bind-libs-64bit-9.9.9P1-63.17.1 bind-lwresd-9.9.9P1-63.17.1 bind-9.9.9P1-63.17.1 as a component of HPE Helion OpenStack 8 bind-chrootenv-9.9.9P1-63.17.1 as a component of HPE Helion OpenStack 8 bind-doc-9.9.9P1-63.17.1 as a component of HPE Helion OpenStack 8 bind-libs-9.9.9P1-63.17.1 as a component of HPE Helion OpenStack 8 bind-libs-32bit-9.9.9P1-63.17.1 as a component of HPE Helion OpenStack 8 bind-utils-9.9.9P1-63.17.1 as a component of HPE Helion OpenStack 8 bind-9.9.9P1-63.17.1 as a component of SUSE Enterprise Storage 5 bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Enterprise Storage 5 bind-doc-9.9.9P1-63.17.1 as a component of SUSE Enterprise Storage 5 bind-libs-9.9.9P1-63.17.1 as a component of SUSE Enterprise Storage 5 bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Enterprise Storage 5 bind-utils-9.9.9P1-63.17.1 as a component of SUSE Enterprise Storage 5 bind-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-doc-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-libs-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-utils-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-doc-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-libs-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-utils-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-doc-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-libs-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-utils-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-doc-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-libs-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-utils-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-doc-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-libs-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-utils-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-doc-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-libs-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-utils-9.9.9P1-63.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 7 bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 7 bind-doc-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 7 bind-libs-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 7 bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 7 bind-utils-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 7 bind-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 8 bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 8 bind-doc-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 8 bind-libs-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 8 bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 8 bind-utils-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud 8 bind-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-chrootenv-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-doc-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-libs-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-libs-32bit-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-utils-9.9.9P1-63.17.1 as a component of SUSE OpenStack Cloud Crowbar 8 To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. CVE-2018-5741 HPE Helion OpenStack 8:bind-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-chrootenv-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-doc-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-libs-32bit-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-libs-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-utils-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-chrootenv-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-doc-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-libs-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-utils-9.9.9P1-63.17.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201914-1/ https://www.suse.com/security/cve/CVE-2018-5741.html CVE-2018-5741 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. CVE-2020-8616 HPE Helion OpenStack 8:bind-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-chrootenv-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-doc-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-libs-32bit-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-libs-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-utils-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-chrootenv-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-doc-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-libs-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-utils-9.9.9P1-63.17.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201914-1/ https://www.suse.com/security/cve/CVE-2020-8616.html CVE-2020-8616 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. CVE-2020-8617 HPE Helion OpenStack 8:bind-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-chrootenv-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-doc-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-libs-32bit-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-libs-9.9.9P1-63.17.1 HPE Helion OpenStack 8:bind-utils-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-chrootenv-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-doc-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-libs-9.9.9P1-63.17.1 SUSE Enterprise Storage 5:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-utils-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-chrootenv-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-doc-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-32bit-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-9.9.9P1-63.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud 7:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud 8:bind-utils-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-chrootenv-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-doc-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-32bit-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-9.9.9P1-63.17.1 SUSE OpenStack Cloud Crowbar 8:bind-utils-9.9.9P1-63.17.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201914-1/ https://www.suse.com/security/cve/CVE-2020-8617.html CVE-2020-8617 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1171740 SUSE Bug 1171740