Security update for bind SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0504-1 Final 1 1 2021-02-18T08:33:43Z current 2021-02-18T08:33:43Z 2021-02-18T08:33:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-504,SUSE-2021-504,SUSE-OpenStack-Cloud-7-2021-504,SUSE-OpenStack-Cloud-8-2021-504,SUSE-OpenStack-Cloud-Crowbar-8-2021-504,SUSE-SLE-SAP-12-SP2-2021-504,SUSE-SLE-SAP-12-SP3-2021-504,SUSE-SLE-SERVER-12-SP2-2021-504,SUSE-SLE-SERVER-12-SP2-BCL-2021-504,SUSE-SLE-SERVER-12-SP3-2021-504,SUSE-SLE-SERVER-12-SP3-BCL-2021-504 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210504-1/ Link for SUSE-SU-2021:0504-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008342.html E-Mail link for SUSE-SU-2021:0504-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182246 SUSE Bug 1182246 https://www.suse.com/security/cve/CVE-2020-8625/ SUSE CVE CVE-2020-8625 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 bind-9.9.9P1-63.20.1 bind-chrootenv-9.9.9P1-63.20.1 bind-doc-9.9.9P1-63.20.1 bind-libs-9.9.9P1-63.20.1 bind-libs-32bit-9.9.9P1-63.20.1 bind-utils-9.9.9P1-63.20.1 bind-devel-9.9.9P1-63.20.1 bind-libs-64bit-9.9.9P1-63.20.1 bind-lwresd-9.9.9P1-63.20.1 bind-9.9.9P1-63.20.1 as a component of HPE Helion OpenStack 8 bind-chrootenv-9.9.9P1-63.20.1 as a component of HPE Helion OpenStack 8 bind-doc-9.9.9P1-63.20.1 as a component of HPE Helion OpenStack 8 bind-libs-9.9.9P1-63.20.1 as a component of HPE Helion OpenStack 8 bind-libs-32bit-9.9.9P1-63.20.1 as a component of HPE Helion OpenStack 8 bind-utils-9.9.9P1-63.20.1 as a component of HPE Helion OpenStack 8 bind-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-doc-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-libs-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-utils-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bind-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-doc-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-libs-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-utils-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS bind-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-doc-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-libs-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-utils-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bind-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-doc-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-libs-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-utils-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS bind-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-doc-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-libs-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-utils-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 bind-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-doc-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-libs-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-utils-9.9.9P1-63.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 bind-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 7 bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 7 bind-doc-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 7 bind-libs-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 7 bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 7 bind-utils-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 7 bind-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 8 bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 8 bind-doc-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 8 bind-libs-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 8 bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 8 bind-utils-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud 8 bind-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-chrootenv-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-doc-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-libs-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-libs-32bit-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 bind-utils-9.9.9P1-63.20.1 as a component of SUSE OpenStack Cloud Crowbar 8 BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch CVE-2020-8625 HPE Helion OpenStack 8:bind-9.9.9P1-63.20.1 HPE Helion OpenStack 8:bind-chrootenv-9.9.9P1-63.20.1 HPE Helion OpenStack 8:bind-doc-9.9.9P1-63.20.1 HPE Helion OpenStack 8:bind-libs-32bit-9.9.9P1-63.20.1 HPE Helion OpenStack 8:bind-libs-9.9.9P1-63.20.1 HPE Helion OpenStack 8:bind-utils-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-chrootenv-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-doc-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-32bit-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-libs-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-BCL:bind-utils-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-chrootenv-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-doc-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-32bit-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-libs-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP2-LTSS:bind-utils-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-chrootenv-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-doc-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-32bit-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-libs-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-BCL:bind-utils-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-chrootenv-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-doc-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-32bit-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-libs-9.9.9P1-63.20.1 SUSE Linux Enterprise Server 12 SP3-LTSS:bind-utils-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-chrootenv-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-doc-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-32bit-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-libs-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:bind-utils-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-chrootenv-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-doc-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-32bit-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-libs-9.9.9P1-63.20.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:bind-utils-9.9.9P1-63.20.1 SUSE OpenStack Cloud 7:bind-9.9.9P1-63.20.1 SUSE OpenStack Cloud 7:bind-chrootenv-9.9.9P1-63.20.1 SUSE OpenStack Cloud 7:bind-doc-9.9.9P1-63.20.1 SUSE OpenStack Cloud 7:bind-libs-32bit-9.9.9P1-63.20.1 SUSE OpenStack Cloud 7:bind-libs-9.9.9P1-63.20.1 SUSE OpenStack Cloud 7:bind-utils-9.9.9P1-63.20.1 SUSE OpenStack Cloud 8:bind-9.9.9P1-63.20.1 SUSE OpenStack Cloud 8:bind-chrootenv-9.9.9P1-63.20.1 SUSE OpenStack Cloud 8:bind-doc-9.9.9P1-63.20.1 SUSE OpenStack Cloud 8:bind-libs-32bit-9.9.9P1-63.20.1 SUSE OpenStack Cloud 8:bind-libs-9.9.9P1-63.20.1 SUSE OpenStack Cloud 8:bind-utils-9.9.9P1-63.20.1 SUSE OpenStack Cloud Crowbar 8:bind-9.9.9P1-63.20.1 SUSE OpenStack Cloud Crowbar 8:bind-chrootenv-9.9.9P1-63.20.1 SUSE OpenStack Cloud Crowbar 8:bind-doc-9.9.9P1-63.20.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-32bit-9.9.9P1-63.20.1 SUSE OpenStack Cloud Crowbar 8:bind-libs-9.9.9P1-63.20.1 SUSE OpenStack Cloud Crowbar 8:bind-utils-9.9.9P1-63.20.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210504-1/ https://www.suse.com/security/cve/CVE-2020-8625.html CVE-2020-8625 https://bugzilla.suse.com/1182246 SUSE Bug 1182246 https://bugzilla.suse.com/1182483 SUSE Bug 1182483 https://bugzilla.suse.com/1192708 SUSE Bug 1192708 https://bugzilla.suse.com/1196172 SUSE Bug 1196172 https://bugzilla.suse.com/1218478 SUSE Bug 1218478 https://bugzilla.suse.com/1225626 SUSE Bug 1225626