search

ventz / docker-bind

Docker Hub ventz/bind - Secure ISC BIND (Authoritative, Recursive, Slave, RPZ) - Docker image always latest built!
https://hub.docker.com/r/ventz/bind/
34 stars 37 forks source link

CVE-2019-6475 and CVE-2019-6476 #28

Closed ventz closed 4 years ago

ventz commented 4 years ago

CVE-2019-6475

CVE-2019-6475: A flaw in mirror zone validity checking can allow zone data to be spoofed

Versions affected: BIND 9.14.0 -> 9.14.6  and 9.15.0 -> 9.15.4
Severity: Medium
Exploitable: Remotely

Upgrade to the patched release most closely related to your current version of BIND:
BIND 9.14.7
BIND 9.15.5

CVE-2019-6476

CVE-2019-6476: An error in QNAME minimization code can cause BIND to exit with an assertion failure

Versions: BIND 9.14.0 -> 9.14.6 and 9.15.0 -> 9.15.4
Severity: Medium
Exploitable: Remotely

Upgrade to the patched release most closely related to your current version of BIND:
BIND 9.14.7
BIND 9.15.5

ping: @tcely - re: bind (9.14.3-r0) in upstream alpine for docker.

ventz commented 4 years ago

https://github.com/ventz/aports/commit/548a591acbd951ba85c02c75e0e11e719963e6d9

ventz commented 4 years ago

Here is the PR: https://github.com/alpinelinux/aports/pull/11954

ventz commented 4 years ago

PR Pulled upstream: https://github.com/alpinelinux/aports/pull/11954#issuecomment-545869265