{"id":"MGASA-2021-0110","summary":"Updated bind packages fix security vulnerability","details":"A buffer overflow vulnerability was discovered in the SPNEGO implementation\naffecting the GSSAPI security policy negotiation in BIND, which could result in\ndenial of service (daemon crash), or potentially the execution of arbitrary\ncode (CVE-2020-8625).\n\nThe default configuration is not vulnerable to this issue, but it is if the\ntkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options are set.\n","modified":"2026-04-16T04:43:58.003149796Z","published":"2021-03-04T16:53:32Z","upstream":["CVE-2020-8625"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0110.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28394"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2020-8625"},{"type":"WEB","url":"https://www.debian.org/security/2021/dsa-4857"}],"affected":[{"package":{"name":"bind","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/bind?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.11.6-1.3.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0110.json"}},{"package":{"name":"bind","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/bind?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.11.27-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0110.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}