{"id":"MGASA-2020-0259","summary":"Updated bind packages fix security vulnerability","details":"Updated bind packages fix security vulnerabilities:\n\nIt was discovered that Bind incorrectly handled certain TCP-pipelined\nqueries.\nA remote attacker could possibly use this issue to cause Bind to consume\nresources, resulting in a denial of service (CVE-2019-6477).\n\nLior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind\nincorrectly limited certain fetches. A remote attacker could possibly\nuse this issue to cause Bind to consume resources, leading to a denial\nof service, or possibly use Bind to perform a reflection attack\n(CVE-2020-8616).\n\nTobias Klein discovered that Bind incorrectly handled checking TSIG\nvalidity.\nA remote attacker could use this issue to cause Bind to crash, resulting\nin a denial of service, or possibly perform other attacks \n(CVE-2020-8617).\n","modified":"2026-04-16T04:41:26.734937532Z","published":"2020-06-15T07:54:40Z","upstream":["CVE-2019-6477","CVE-2020-8616","CVE-2020-8617"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0259.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25724"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2019-6477"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2020-8616"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2020-8617"},{"type":"WEB","url":"https://usn.ubuntu.com/4197-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4365-1/"}],"affected":[{"package":{"name":"bind","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/bind?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.11.6-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0259.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}