Security update for bind SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1701-1 Final 1 1 2020-10-20T04:20:51Z current 2020-10-20T04:20:51Z 2020-10-20T04:20:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>. - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1701 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ E-Mail link for openSUSE-SU-2020:1701-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1100369 SUSE Bug 1100369 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1118367 SUSE Bug 1118367 https://bugzilla.suse.com/1118368 SUSE Bug 1118368 https://bugzilla.suse.com/1128220 SUSE Bug 1128220 https://bugzilla.suse.com/1156205 SUSE Bug 1156205 https://bugzilla.suse.com/1157051 SUSE Bug 1157051 https://bugzilla.suse.com/1161168 SUSE Bug 1161168 https://bugzilla.suse.com/1170667 SUSE Bug 1170667 https://bugzilla.suse.com/1170713 SUSE Bug 1170713 https://bugzilla.suse.com/1171313 SUSE Bug 1171313 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 https://bugzilla.suse.com/1172958 SUSE Bug 1172958 https://bugzilla.suse.com/1173307 SUSE Bug 1173307 https://bugzilla.suse.com/1173311 SUSE Bug 1173311 https://bugzilla.suse.com/1173983 SUSE Bug 1173983 https://bugzilla.suse.com/1175443 SUSE Bug 1175443 https://bugzilla.suse.com/1176092 SUSE Bug 1176092 https://bugzilla.suse.com/1176674 SUSE Bug 1176674 https://bugzilla.suse.com/906079 SUSE Bug 906079 https://www.suse.com/security/cve/CVE-2017-3136/ SUSE CVE CVE-2017-3136 page https://www.suse.com/security/cve/CVE-2018-5741/ SUSE CVE CVE-2018-5741 page https://www.suse.com/security/cve/CVE-2019-6477/ SUSE CVE CVE-2019-6477 page https://www.suse.com/security/cve/CVE-2020-8616/ SUSE CVE CVE-2020-8616 page https://www.suse.com/security/cve/CVE-2020-8617/ SUSE CVE CVE-2020-8617 page https://www.suse.com/security/cve/CVE-2020-8618/ SUSE CVE CVE-2020-8618 page https://www.suse.com/security/cve/CVE-2020-8619/ SUSE CVE CVE-2020-8619 page https://www.suse.com/security/cve/CVE-2020-8620/ SUSE CVE CVE-2020-8620 page https://www.suse.com/security/cve/CVE-2020-8621/ SUSE CVE CVE-2020-8621 page https://www.suse.com/security/cve/CVE-2020-8622/ SUSE CVE CVE-2020-8622 page https://www.suse.com/security/cve/CVE-2020-8623/ SUSE CVE CVE-2020-8623 page https://www.suse.com/security/cve/CVE-2020-8624/ SUSE CVE CVE-2020-8624 page openSUSE Leap 15.1 bind-9.16.6-lp151.11.9.1 bind-chrootenv-9.16.6-lp151.11.9.1 bind-devel-9.16.6-lp151.11.9.1 bind-devel-32bit-9.16.6-lp151.11.9.1 bind-doc-9.16.6-lp151.11.9.1 bind-utils-9.16.6-lp151.11.9.1 libbind9-1600-9.16.6-lp151.11.9.1 libbind9-1600-32bit-9.16.6-lp151.11.9.1 libdns1605-9.16.6-lp151.11.9.1 libdns1605-32bit-9.16.6-lp151.11.9.1 libirs-devel-9.16.6-lp151.11.9.1 libirs1601-9.16.6-lp151.11.9.1 libirs1601-32bit-9.16.6-lp151.11.9.1 libisc1606-9.16.6-lp151.11.9.1 libisc1606-32bit-9.16.6-lp151.11.9.1 libisccc1600-9.16.6-lp151.11.9.1 libisccc1600-32bit-9.16.6-lp151.11.9.1 libisccfg1600-9.16.6-lp151.11.9.1 libisccfg1600-32bit-9.16.6-lp151.11.9.1 libns1604-9.16.6-lp151.11.9.1 libns1604-32bit-9.16.6-lp151.11.9.1 libuv-devel-1.18.0-lp151.3.3.1 libuv1-1.18.0-lp151.3.3.1 libuv1-32bit-1.18.0-lp151.3.3.1 python3-bind-9.16.6-lp151.11.9.1 sysuser-shadow-2.0-lp151.4.3.1 sysuser-tools-2.0-lp151.4.3.1 bind-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 bind-chrootenv-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 bind-devel-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 bind-devel-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 bind-doc-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 bind-utils-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libbind9-1600-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libbind9-1600-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libdns1605-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libdns1605-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libirs-devel-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libirs1601-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libirs1601-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libisc1606-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libisc1606-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libisccc1600-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libisccc1600-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libisccfg1600-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libisccfg1600-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libns1604-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libns1604-32bit-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 libuv-devel-1.18.0-lp151.3.3.1 as a component of openSUSE Leap 15.1 libuv1-1.18.0-lp151.3.3.1 as a component of openSUSE Leap 15.1 libuv1-32bit-1.18.0-lp151.3.3.1 as a component of openSUSE Leap 15.1 python3-bind-9.16.6-lp151.11.9.1 as a component of openSUSE Leap 15.1 sysuser-shadow-2.0-lp151.4.3.1 as a component of openSUSE Leap 15.1 sysuser-tools-2.0-lp151.4.3.1 as a component of openSUSE Leap 15.1 A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. CVE-2017-3136 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2017-3136.html CVE-2017-3136 https://bugzilla.suse.com/1018700 SUSE Bug 1018700 https://bugzilla.suse.com/1018701 SUSE Bug 1018701 https://bugzilla.suse.com/1018702 SUSE Bug 1018702 https://bugzilla.suse.com/1024130 SUSE Bug 1024130 https://bugzilla.suse.com/1033461 SUSE Bug 1033461 https://bugzilla.suse.com/1033466 SUSE Bug 1033466 https://bugzilla.suse.com/1081545 SUSE Bug 1081545 To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. CVE-2018-5741 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2018-5741.html CVE-2018-5741 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). CVE-2019-6477 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2019-6477.html CVE-2019-6477 https://bugzilla.suse.com/1157051 SUSE Bug 1157051 https://bugzilla.suse.com/1197136 SUSE Bug 1197136 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. CVE-2020-8616 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8616.html CVE-2020-8616 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. CVE-2020-8617 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8617.html CVE-2020-8617 https://bugzilla.suse.com/1109160 SUSE Bug 1109160 https://bugzilla.suse.com/1171740 SUSE Bug 1171740 An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. CVE-2020-8618 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8618.html CVE-2020-8618 https://bugzilla.suse.com/1172958 SUSE Bug 1172958 In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. CVE-2020-8619 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8619.html CVE-2020-8619 https://bugzilla.suse.com/1172958 SUSE Bug 1172958 In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. CVE-2020-8620 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8620.html CVE-2020-8620 https://bugzilla.suse.com/1175443 SUSE Bug 1175443 https://bugzilla.suse.com/1191120 SUSE Bug 1191120 In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. CVE-2020-8621 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8621.html CVE-2020-8621 https://bugzilla.suse.com/1175443 SUSE Bug 1175443 https://bugzilla.suse.com/1191120 SUSE Bug 1191120 In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. CVE-2020-8622 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8622.html CVE-2020-8622 https://bugzilla.suse.com/1175443 SUSE Bug 1175443 https://bugzilla.suse.com/1188888 SUSE Bug 1188888 https://bugzilla.suse.com/1191120 SUSE Bug 1191120 In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker CVE-2020-8623 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8623.html CVE-2020-8623 https://bugzilla.suse.com/1175443 SUSE Bug 1175443 https://bugzilla.suse.com/1191120 SUSE Bug 1191120 In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. CVE-2020-8624 openSUSE Leap 15.1:bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-chrootenv-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-doc-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:bind-utils-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libbind9-1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libdns1605-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs-devel-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libirs1601-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisc1606-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccc1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libisccfg1600-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-32bit-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libns1604-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:libuv-devel-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:libuv1-32bit-1.18.0-lp151.3.3.1 openSUSE Leap 15.1:python3-bind-9.16.6-lp151.11.9.1 openSUSE Leap 15.1:sysuser-shadow-2.0-lp151.4.3.1 openSUSE Leap 15.1:sysuser-tools-2.0-lp151.4.3.1 important 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/ https://www.suse.com/security/cve/CVE-2020-8624.html CVE-2020-8624 https://bugzilla.suse.com/1175443 SUSE Bug 1175443 https://bugzilla.suse.com/1191120 SUSE Bug 1191120