Security update for bind SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0946-1 Final 1 1 2022-03-24T14:19:53Z current 2022-03-24T14:19:53Z 2022-03-24T14:19:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2022-946,openSUSE-SLE-15.4-2022-946 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H45VCAWRRO6SPMMAFDPU45PJLVOMA44Y/ E-Mail link for openSUSE-SU-2022:0946-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1197135 SUSE Bug 1197135 https://www.suse.com/security/cve/CVE-2021-25220/ SUSE CVE CVE-2021-25220 page openSUSE Leap 15.3 bind-devel-32bit-9.16.6-150000.12.60.1 libbind9-1600-32bit-9.16.6-150000.12.60.1 libdns1605-32bit-9.16.6-150000.12.60.1 libirs1601-32bit-9.16.6-150000.12.60.1 libisc1606-32bit-9.16.6-150000.12.60.1 libisccc1600-32bit-9.16.6-150000.12.60.1 libisccfg1600-32bit-9.16.6-150000.12.60.1 libns1604-32bit-9.16.6-150000.12.60.1 bind-devel-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libbind9-1600-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libdns1605-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libirs1601-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libisc1606-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libisccc1600-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libisccfg1600-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 libns1604-32bit-9.16.6-150000.12.60.1 as a component of openSUSE Leap 15.3 BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. CVE-2021-25220 openSUSE Leap 15.3:bind-devel-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libbind9-1600-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libdns1605-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libirs1601-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libisc1606-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libisccc1600-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libisccfg1600-32bit-9.16.6-150000.12.60.1 openSUSE Leap 15.3:libns1604-32bit-9.16.6-150000.12.60.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H45VCAWRRO6SPMMAFDPU45PJLVOMA44Y/ https://www.suse.com/security/cve/CVE-2021-25220.html CVE-2021-25220 https://bugzilla.suse.com/1197135 SUSE Bug 1197135