NS-SA-2021-0153
2021-09-24 11:21:19
简介
moderate: bind/fontforge security update
严重级别
moderate
主题
An update for bind/fontforge is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
详细描述
bind: This package contains a tree of files which can be used as a chroot(2) jail for the named(8) program from the BIND package. Based on the code from Jan "Yenya" Kasprzak
fontforge: This package includes the libraries and header files you will need to compile applications against fontforge.
Security Fix(es):
bind: A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability.(CVE-2020-8622)
bind: A flaw was found in bind. An assertion failure can occur when a specially crafted query for a zone signed with an RSA key. BIND must be compiled with "--enable-native-pkcs11" for the system to be affected. The highest threat from this vulnerability is to system availability.(CVE-2020-8623)
bind: A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity.(CVE-2020-8624)
bind: bugfix
fontforge: An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code.(CVE-2020-5395)
fontforge: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F11B5.
影响组件
影响产品
- CGSL MAIN 5.05
- CGSL CORE 5.05
更新包
{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-license-9.11.4-26.P2.el7_9.2.noarch.rpm","bind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm"],"source":"bind-9.11.4-26.P2.el7_9.2.src.rpm"},{"binary":["fontforge-devel-20120731b-13.el7.x86_64.rpm","fontforge-20120731b-13.el7.x86_64.rpm"],"source":"fontforge-20120731b-13.el7.src.rpm"}]},{"product":"CGSL CORE 5.05","pkgs":[{"binary":["bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-license-9.11.4-26.P2.el7_9.2.noarch.rpm","bind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm","bind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm"],"source":"bind-9.11.4-26.P2.el7_9.2.src.rpm"},{"binary":["fontforge-devel-20120731b-13.el7.x86_64.rpm","fontforge-20120731b-13.el7.x86_64.rpm"],"source":"fontforge-20120731b-13.el7.src.rpm"}]}]}
CVE
参考