Red Hat Security Advisory 2022-6781-01

Red Hat Security Advisory 2022-6781-01: Posted Oct 5, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-6781-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.; tags | advisory, protocol, memory leak; systems | linux, redhat; advisories | CVE-2022-3080, CVE-2022-38177, CVE-2022-38178; SHA-256 | 4a082bb009ab8361bc3b0cc6e4d366ace8d79f220e2ab35018a9886dc46c6a63; Download | Favorite | View

Red Hat Security Advisory 2022-6781-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: bind9.16 security update
Advisory ID:       RHSA-2022:6781-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6781
Issue date:        2022-10-04
CVE Names:         CVE-2022-3080 CVE-2022-38177 CVE-2022-38178
====================================================================
1. Summary:

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND 9 resolvers configured to answer from cache with zero
stale-answer-timeout may terminate unexpectedly (CVE-2022-3080)

* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)

* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2128600 - CVE-2022-3080 bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly
2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code
2128602 - CVE-2022-38178 bind: memory leaks in EdDSA DNSSEC verification code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
bind9.16-9.16.23-0.7.el8_6.1.src.rpm

aarch64:
bind9.16-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-chroot-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-libs-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-utils-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm

noarch:
bind9.16-license-9.16.23-0.7.el8_6.1.noarch.rpm

ppc64le:
bind9.16-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-chroot-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-libs-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-utils-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm

s390x:
bind9.16-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-chroot-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-libs-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-utils-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm

x86_64:
bind9.16-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-chroot-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-libs-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-utils-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-devel-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.aarch64.rpm

noarch:
bind9.16-doc-9.16.23-0.7.el8_6.1.noarch.rpm
python3-bind9.16-9.16.23-0.7.el8_6.1.noarch.rpm

ppc64le:
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-devel-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.ppc64le.rpm

s390x:
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-devel-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.s390x.rpm

x86_64:
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-debugsource-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-devel-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-devel-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-libs-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.i686.rpm
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3080
https://access.redhat.com/security/cve/CVE-2022-38177
https://access.redhat.com/security/cve/CVE-2022-38178
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYzyeFdzjgjWX9erEAQiqMw//aAEV47xube48dUhbnG5ep+XzvXRW20+w
STz0FkAuwHDlhu9d9xEojztlQ5ed9Ofgc6oOHt6qptv4eoVk/7sw5RnICfhHL5ST
wxcB36ZiCuz2/WZLvepv+84QP98O54xKG2is1KvJHcoPfh8Nz7NP9CT5ZhLwXXIL
SlaWvgv2jw8+tAlr5m7e+mPTEErjvxHqJ2ER2QXQSdhev+xXd1m2cOXQfP8Xqj1W
/uriAE4eraeoPaHkwWaUB+86+zfb8g5SoXzvrSutcJ6OcEYL/4085Q51NiDjO0P/
AB6nLkBKLqUJFrFeTLUPZBj/daDlEzfukhYdds8gkExYENapo1On82i+c3rePG5a
ue1feeid9D6JFMaTqIcXOvvE+rkQB2/GyBKZKteSfZhc3uqQgJvwreSGCLv/rPT0
dgjHuinWNg3kI1VOX5aAs57K5/5SU9dnV/8cSx2sWcrzhsmS7xdBq9oxc32+mkjg
C4u2Sxe73QcKjzxWQ4ypLwxcTVvArxIJxhWmMOho0B6grfoNQfIZ16iqrczkjOh0
LVb5CEBtNixVx897qnCO+OKlwg4HQosEmuHPzQS9KELtZIN22fkqSqHn2KYd/I27
/cg8rbPcw/tAJ7J57Lb/lZI6CXc1bWIVXyr65RioXF/1rr9CDVfVCcSOW9G+UsU5
5FsBAeb4vIg=rhgu
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 310 files
Ubuntu 64 files
Debian 33 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

Red Hat Security Advisory 2022-6781-01

Red Hat Security Advisory 2022-6781-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2022-6781-01

Share This

Red Hat Security Advisory 2022-6781-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems