ALAS2-2020-1564

Amazon Linux 2 Security Advisory: ALAS-2020-1564
Advisory Release Date: 2020-12-08 20:55 Pacific
Advisory Updated Date: 2020-12-08 22:20 Pacific
Severity: Medium
Issue Overview:

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability. (CVE-2020-8622)

A flaw was found in bind. An assertion failure can occur when a specially crafted query for a zone signed with an RSA key. BIND must be compiled with "--enable-native-pkcs11" for the system to be affected. The highest threat from this vulnerability is to system availability. (CVE-2020-8623)

A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity. (CVE-2020-8624)


Affected Packages:

bind


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update bind to update your system.

New Packages:
aarch64:
    bind-9.11.4-26.P2.amzn2.2.aarch64
    bind-pkcs11-9.11.4-26.P2.amzn2.2.aarch64
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.2.aarch64
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.2.aarch64
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.2.aarch64
    bind-sdb-9.11.4-26.P2.amzn2.2.aarch64
    bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64
    bind-libs-9.11.4-26.P2.amzn2.2.aarch64
    bind-utils-9.11.4-26.P2.amzn2.2.aarch64
    bind-devel-9.11.4-26.P2.amzn2.2.aarch64
    bind-lite-devel-9.11.4-26.P2.amzn2.2.aarch64
    bind-chroot-9.11.4-26.P2.amzn2.2.aarch64
    bind-sdb-chroot-9.11.4-26.P2.amzn2.2.aarch64
    bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64
    bind-export-devel-9.11.4-26.P2.amzn2.2.aarch64
    bind-debuginfo-9.11.4-26.P2.amzn2.2.aarch64

i686:
    bind-9.11.4-26.P2.amzn2.2.i686
    bind-pkcs11-9.11.4-26.P2.amzn2.2.i686
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.2.i686
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.2.i686
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.2.i686
    bind-sdb-9.11.4-26.P2.amzn2.2.i686
    bind-libs-lite-9.11.4-26.P2.amzn2.2.i686
    bind-libs-9.11.4-26.P2.amzn2.2.i686
    bind-utils-9.11.4-26.P2.amzn2.2.i686
    bind-devel-9.11.4-26.P2.amzn2.2.i686
    bind-lite-devel-9.11.4-26.P2.amzn2.2.i686
    bind-chroot-9.11.4-26.P2.amzn2.2.i686
    bind-sdb-chroot-9.11.4-26.P2.amzn2.2.i686
    bind-export-libs-9.11.4-26.P2.amzn2.2.i686
    bind-export-devel-9.11.4-26.P2.amzn2.2.i686
    bind-debuginfo-9.11.4-26.P2.amzn2.2.i686

noarch:
    bind-license-9.11.4-26.P2.amzn2.2.noarch

src:
    bind-9.11.4-26.P2.amzn2.2.src

x86_64:
    bind-9.11.4-26.P2.amzn2.2.x86_64
    bind-pkcs11-9.11.4-26.P2.amzn2.2.x86_64
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.2.x86_64
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.2.x86_64
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.2.x86_64
    bind-sdb-9.11.4-26.P2.amzn2.2.x86_64
    bind-libs-lite-9.11.4-26.P2.amzn2.2.x86_64
    bind-libs-9.11.4-26.P2.amzn2.2.x86_64
    bind-utils-9.11.4-26.P2.amzn2.2.x86_64
    bind-devel-9.11.4-26.P2.amzn2.2.x86_64
    bind-lite-devel-9.11.4-26.P2.amzn2.2.x86_64
    bind-chroot-9.11.4-26.P2.amzn2.2.x86_64
    bind-sdb-chroot-9.11.4-26.P2.amzn2.2.x86_64
    bind-export-libs-9.11.4-26.P2.amzn2.2.x86_64
    bind-export-devel-9.11.4-26.P2.amzn2.2.x86_64
    bind-debuginfo-9.11.4-26.P2.amzn2.2.x86_64

Additional References

Red Hat: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624

Mitre: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624