Bugzilla – Bug 1192146
VUL-0: CVE-2021-25219: bind: Lame cache can be abused to severely degrade resolver performance
Last modified: 2024-04-19 12:41:04 UTC
rh#2017636

As per upstream report:

The lame-ttl option controls how long named caches certain types of broken responses from authoritative servers (see the security advisory for details). This caching mechanism could be abused by an attacker to significantly degrade resolver performance. The vulnerability has been mitigated by changing the default value of lame-ttl to 0 and overriding any explicitly set value with 0, effectively disabling this mechanism altogether. ISC's testing has determined that doing that has a negligible impact on resolver performance while also preventing abuse. Administrators may observe more traffic towards servers issuing certain types of broken responses than in previous BIND 9 releases.

Patches:
9.11: https://downloads.isc.org/isc/bind9/9.11.36/patches/
9.16: https://downloads.isc.org/isc/bind9/9.16.22/patches/
9.17: https://downloads.isc.org/isc/bind9/9.17.19/patches/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2017636
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25219
http://www.debian.org/security/-1/dsa-4994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219
https://kb.isc.org/v1/docs/cve-2021-25219
Affected codestreams:
- SUSE:SLE-11:Update 9.6ESVR11W1-0.31.21.1
- SUSE:SLE-11-SP2:Update 9.9.6P1-0.51.26.1
- SUSE:SLE-12-SP1:Update 9.9.9P1-63.25.1
- SUSE:SLE-12-SP4:Update 9.11.22-3.34.1
- SUSE:SLE-15:Update 9.16.6
- SUSE:SLE-15-SP3:Update 9.16.6-22.7.1

openSUSE affected:
- openSUSE:Factory 9.16.20
- openSUSE:Leap:15.1:Update 9.16.6
- openSUSE:Leap:15.2:Update 9.16.6
- openSUSE:Leap:15.3 9.16.6
SUSE:SLE-11:Update - https://build.suse.de/request/show/257621
SUSE:SLE-11-SP2:Update - https://build.suse.de/request/show/257623
SUSE:SLE-12-SP1:Update - https://build.suse.de/request/show/257629
SUSE:SLE-12-SP4:Update - https://build.suse.de/request/show/257632
SUSE:SLE-15:Update - https://build.suse.de/request/show/257638
SUSE:SLE-15-SP4:GA - https://build.suse.de/request/show/257682
openSUSE:Factory - https://build.opensuse.org/request/show/929136
SUSE-SU-2021:3657-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1192146
CVE References: CVE-2021-25219
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): bind-9.11.22-3.37.1
SUSE Linux Enterprise Server 12-SP5 (src): bind-9.11.22-3.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:3773-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1192146
CVE References: CVE-2021-25219
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): bind-9.16.6-12.57.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): bind-9.16.6-12.57.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:3773-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1192146
CVE References: CVE-2021-25219
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): bind-9.16.6-12.57.1

openSUSE-SU-2021:1502-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1192146
CVE References: CVE-2021-25219
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): bind-9.16.6-lp152.14.25.1

openSUSE-SU-2022:0151-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1192146
CVE References: CVE-2021-25219
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): bind-9.16.6-150300.22.13.1

SUSE-SU-2022:0151-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1192146
CVE References: CVE-2021-25219
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): bind-9.16.6-150300.22.13.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): bind-9.16.6-150300.22.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2022:0151-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1192146,1199370
CVE References: CVE-2021-25219,CVE-2022-27114
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): bind-9.16.6-150300.22.13.1
openSUSE Backports SLE-15-SP3 (src): htmldoc-1.9.12-bp153.2.15.1

SUSE-SU-2022:2713-1: An update that solves three vulnerabilities, contains one feature and has two fixes is now available.

Category: security (important)
Bug References: 1192146,1197135,1197136,1199044,1200685
CVE References: CVE-2021-25219,CVE-2021-25220,CVE-2022-0396
JIRA References: SLE-24600
Sources used:
openSUSE Leap 15.4 (src): bind-9.16.31-150400.5.6.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): bind-9.16.31-150400.5.6.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): bind-9.16.31-150400.5.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
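The update notices above give the fixed source package per product, so the practical question on a host is whether the installed bind RPM is at or past that release. The script below is an added example for this bug page (not SUSE or ISC tooling): it parses the "(src):" entries out of notice text transcribed from this bug, compares an `rpm -q bind` style string against the fixed NVR with a simplified rpmvercmp (digit/alpha segments only; tilde and caret ordering are not implemented, which is fine for the NVRs on this page), and reports fixed / not fixed / not covered. The `rpm -q bind` outputs in the usage section are constructed, and the 150300 release prefix on the "unpatched" sample is an assumption about how the affected 9.16.6-22.7.1 build is labelled on an installed system.

```python
"""Check whether an installed bind package is at or past the fixed release
that the update notices on this bug list for a given SUSE/openSUSE product.

Added example for this bug page, not SUSE or ISC tooling. NOTICES is
transcribed from the bug comments; package strings in the usage section
are constructed."""
import re

# Two update notices transcribed from this bug (15-SP3, and 15-SP4 / Leap 15.4).
NOTICES = """\
SUSE-SU-2022:0151-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1192146 CVE References: CVE-2021-25219 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): bind-9.16.6-150300.22.13.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): bind-9.16.6-150300.22.13.1 NOTE: This line indicates an update has been released for the listed product(s).
SUSE-SU-2022:2713-1: An update that solves three vulnerabilities, contains one feature and has two fixes is now available. Category: security (important) Bug References: 1192146,1197135,1197136,1199044,1200685 CVE References: CVE-2021-25219,CVE-2021-25220,CVE-2022-0396 JIRA References: SLE-24600 Sources used: openSUSE Leap 15.4 (src): bind-9.16.31-150400.5.6.1 SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): bind-9.16.31-150400.5.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): bind-9.16.31-150400.5.6.1 NOTE: This line indicates an update has been released for the listed product(s).
"""

# Architecture suffixes that `rpm -q` appends and a source NVR does not carry.
ARCHES = ("x86_64", "aarch64", "ppc64le", "s390x", "i586", "noarch")

# Product names never contain ':' or parentheses; the NVR is the next token.
_SRC_RE = re.compile(r"([A-Za-z][^:()\n]*?)\s\(src\):\s+(\S+)")


def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does for plain
    alphanumeric input: split into digit/alpha runs, compare numerically or
    lexically, a numeric segment beats an alpha one, and when one string runs
    out of segments the longer one is newer. Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvra(pkg):
    """Split 'name-version-release[.arch]' (as printed by `rpm -q`) into
    (name, version, release), dropping a known architecture suffix."""
    for arch in ARCHES:
        if pkg.endswith("." + arch):
            pkg = pkg[: -len(arch) - 1]
            break
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def parse_sources(notices):
    """Map (product, package name) -> fixed source NVR. If a product is
    listed more than once, the newest NVR wins."""
    fixed = {}
    for product, nvr in _SRC_RE.findall(notices):
        name, version, release = split_nvra(nvr)
        prev = fixed.get((product, name))
        if prev is not None:
            _, pv, pr = split_nvra(prev)
            if (rpmvercmp(version, pv) or rpmvercmp(release, pr)) <= 0:
                continue
        fixed[(product, name)] = nvr
    return fixed


def is_fixed(installed, product, notices=NOTICES):
    """True if the installed package is at or past the fixed NVR for the
    product, False if older, None if the notices do not cover that product."""
    name, version, release = split_nvra(installed)
    fixed = parse_sources(notices).get((product, name))
    if fixed is None:
        return None
    _, fv, fr = split_nvra(fixed)
    return (rpmvercmp(version, fv) or rpmvercmp(release, fr)) >= 0


if __name__ == "__main__":
    # Constructed `rpm -q bind` outputs; the first mirrors the affected
    # SLE-15-SP3 build 9.16.6-22.7.1, the others are patched releases.
    samples = [
        ("bind-9.16.6-150300.22.7.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15-SP3"),
        ("bind-9.16.6-150300.22.13.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15-SP3"),
        ("bind-9.16.31-150400.5.9.1.aarch64", "openSUSE Leap 15.4"),
        ("bind-9.11.22-3.37.1.x86_64", "SUSE Linux Enterprise Server 12-SP5"),
    ]
    for pkg, product in samples:
        state = {True: "fixed", False: "NOT fixed", None: "not covered by these notices"}
        print(f"{product}: {pkg} -> {state[is_fixed(pkg, product)]}")
```

Feed it the full set of notices from this bug (or the matching SUSE-SU / openSUSE-SU advisory text) and the output of `rpm -q bind` from the host; a None result means the host's product is not in the notice text you supplied, not that it is patched. The version ordering is deliberately the plain rpm segment rule, which is all these bind NVRs need; for packages whose releases use tilde or caret ordering, compare with rpm itself instead.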
All done, closing.