Bugzilla – Bug 1182246
VUL-0: CVE-2020-8625: bind: buffer overflow in SPNEGO implementation may lead to remote code execution
Last modified: 2021-10-11 14:36:14 UTC
public through oss

On February 17, 2021, Internet Systems Consortium has disclosed a vulnerability in our BIND 9 software about which we previously provided advance notice.

CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
https://kb.isc.org/docs/cve-2020-8625

With the public announcement of this vulnerability, the embargo period is ended and any updated software packages that have been prepared may be released.

ISC's own releases containing fixes are:

- BIND 9.11.28
- BIND 9.16.12
- BIND 9.17.10

each of which can be downloaded via the ISC downloads page, https://www.isc.org/downloads

For package maintainers who want *only* the fixes for the CVE vulnerabilities, patch diffs are available for each branch in the "patches" subdirectory of the branch's February 2021 maintenance release, e.g.:

9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches
9.16 branch: https://downloads.isc.org/isc/bind9/9.16.12/patches
9.17 branch: no patch necessary for versions >= 9.17.2

Sincerely,

Michael McNally
ISC Security Officer

SUSE-SU-2021:0507-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1182246
CVE References: CVE-2020-8625
JIRA References:
Sources used:
SUSE Manager Server 4.0 (src): bind-9.16.6-12.41.1
SUSE Manager Retail Branch Server 4.0 (src): bind-9.16.6-12.41.1
SUSE Manager Proxy 4.0 (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Server for SAP 15 (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Server 15-LTSS (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): bind-9.16.6-12.41.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): bind-9.16.6-12.41.1
SUSE Enterprise Storage 6 (src): bind-9.16.6-12.41.1
SUSE CaaS Platform 4.0 (src): bind-9.16.6-12.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:14632-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1182246
CVE References: CVE-2020-8625
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): bind-9.9.6P1-0.51.23.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): bind-9.9.6P1-0.51.23.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): bind-9.9.6P1-0.51.23.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): bind-9.9.6P1-0.51.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:0504-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1182246
CVE References: CVE-2020-8625
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): bind-9.9.9P1-63.20.1
SUSE OpenStack Cloud 8 (src): bind-9.9.9P1-63.20.1
SUSE OpenStack Cloud 7 (src): bind-9.9.9P1-63.20.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): bind-9.9.9P1-63.20.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): bind-9.9.9P1-63.20.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): bind-9.9.9P1-63.20.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): bind-9.9.9P1-63.20.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): bind-9.9.9P1-63.20.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): bind-9.9.9P1-63.20.1
HPE Helion Openstack 8 (src): bind-9.9.9P1-63.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:0503-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1182246
CVE References: CVE-2020-8625
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): bind-9.11.22-3.29.1
SUSE OpenStack Cloud 9 (src): bind-9.11.22-3.29.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): bind-9.11.22-3.29.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): bind-9.11.22-3.29.1
SUSE Linux Enterprise Server 12-SP5 (src): bind-9.11.22-3.29.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): bind-9.11.22-3.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:0375-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1182246
CVE References: CVE-2020-8625
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): bind-9.16.6-lp152.14.12.1

released