Security update for bind SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14632-1 Final 1 1 2021-02-18T08:34:38Z current 2021-02-18T08:34:38Z 2021-02-18T08:34:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-bind-14632,slessp4-bind-14632 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114632-1/ Link for SUSE-SU-2021:14632-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008341.html E-Mail link for SUSE-SU-2021:14632-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182246 SUSE Bug 1182246 https://www.suse.com/security/cve/CVE-2020-8625/ SUSE CVE CVE-2020-8625 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS bind-9.9.6P1-0.51.23.1 bind-chrootenv-9.9.6P1-0.51.23.1 bind-devel-9.9.6P1-0.51.23.1 bind-doc-9.9.6P1-0.51.23.1 bind-libs-9.9.6P1-0.51.23.1 bind-utils-9.9.6P1-0.51.23.1 bind-libs-32bit-9.9.6P1-0.51.23.1 bind-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 bind-chrootenv-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 bind-devel-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 bind-doc-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 bind-libs-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 bind-utils-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 bind-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS bind-chrootenv-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS bind-doc-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS bind-libs-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS bind-libs-32bit-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS bind-utils-9.9.6P1-0.51.23.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch CVE-2020-8625 SUSE Linux Enterprise Point of Sale 11 SP3:bind-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Point of Sale 11 SP3:bind-chrootenv-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Point of Sale 11 SP3:bind-devel-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Point of Sale 11 SP3:bind-doc-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Point of Sale 11 SP3:bind-libs-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Point of Sale 11 SP3:bind-utils-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Server 11 SP4-LTSS:bind-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Server 11 SP4-LTSS:bind-chrootenv-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Server 11 SP4-LTSS:bind-doc-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Server 11 SP4-LTSS:bind-libs-32bit-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Server 11 SP4-LTSS:bind-libs-9.9.6P1-0.51.23.1 SUSE Linux Enterprise Server 11 SP4-LTSS:bind-utils-9.9.6P1-0.51.23.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114632-1/ https://www.suse.com/security/cve/CVE-2020-8625.html CVE-2020-8625 https://bugzilla.suse.com/1182246 SUSE Bug 1182246 https://bugzilla.suse.com/1182483 SUSE Bug 1182483 https://bugzilla.suse.com/1192708 SUSE Bug 1192708 https://bugzilla.suse.com/1196172 SUSE Bug 1196172 https://bugzilla.suse.com/1218478 SUSE Bug 1218478 https://bugzilla.suse.com/1225626 SUSE Bug 1225626