Bug 1203618 - (CVE-2022-3080) VUL-0: CVE-2022-3080: bind: BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Jorik Cronenberg
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/343132/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-3080:7.5:(AV:N...
Reported: 2022-09-21 12:27 UTC by Thomas Leroy
Modified: 2022-11-28 13:47 UTC
Found By: Security Response Team
Description Thomas Leroy 2022-09-21 12:27:14 UTC
CVE-2022-3080

Posted by Michał Kępień on Sep 21

On 21 September 2022 we (Internet Systems Consortium) disclosed six vulnerabilities affecting our BIND 9 software:

Patches:
- https://downloads.isc.org/isc/bind9/9.16.33/patches/
- https://downloads.isc.org/isc/bind9/9.18.7/patches/

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3080
https://seclists.org/oss-sec/2022/q3/217
https://kb.isc.org/docs/cve-2022-2795
https://kb.isc.org/docs/cve-2022-2881
Comment 1 Thomas Leroy 2022-09-21 12:29:30 UTC
Affected:
- openSUSE:Factory
- SUSE:SLE-15-SP4:Update
Comment 3 Swamp Workflow Management 2022-10-26 13:27:32 UTC
SUSE-SU-2022:3767-1: An update that solves four vulnerabilities, contains one feature and has two fixes is now available.

Category: security (important)
Bug References: 1201689,1203250,1203614,1203618,1203619,1203620
CVE References: CVE-2022-2795,CVE-2022-3080,CVE-2022-38177,CVE-2022-38178
JIRA References: SLE-24600
Sources used:
openSUSE Leap 15.4 (src):    bind-9.16.33-150400.5.11.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    bind-9.16.33-150400.5.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    bind-9.16.33-150400.5.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Jorik Cronenberg 2022-11-28 13:47:09 UTC
All maintained affected codestreams have been patched.