Professional Documents
Culture Documents
4 Red Hat Update for bind (RHSA-2019:1294) CVSS: - CVSS3: 6.5 Active
CVSS Environment:
Asset Group: -
Collateral Damage Potential: -
Target Distribution: -
Confidentiality Requirement: -
Integrity Requirement: -
Availability Requirement: -
THREAT:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
Security Fix: bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
Affected Products: Red Hat Enterprise Linux Server 7 x86_64 Red Hat Enterprise Linux Server - Extended Update Support
7.6 x86_64 Red Hat Enterprise Linux Server - AUS 7.6 x86_64 Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64 Red Hat Enterprise Linux for IBM z Systems 7 s390x Red Hat
Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64 Red Hat Enterprise Linux for Scientific
Computing 7 x86_64 Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64 Red Hat Enterprise Linux for Power,
little endian 7 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le Red
Hat Enterprise Linux Server - TUS 7.6 x86_64 Red Hat Enterprise Linux for ARM 64 7 aarch64 Red Hat Enterprise
Linux for Power 9 7 ppc64le Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
IMPACT:
On successful exploitation it could allow an attacker to execute code.
SOLUTION:
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system (https://access.redhat.com/
articles/11258) for details.
Refer to Red Hat security advisory RHSA-2019:1294 (https://access.redhat.com/errata/RHSA-2019:1294) to address this issue and obtain more
information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
RHSA-2019:1294: Red Hat Enterprise Linux (https://access.redhat.com/errata/RHSA-2019:1294)
COMPLIANCE:
Not Applicable
EXPLOITABILITY: