{"affected":[{"ecosystem_specific":{"binaries":[{"bind-utils":"9.16.31-150400.5.6.1","python3-bind":"9.16.31-150400.5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.31-150400.5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.31-150400.5.6.1","bind-doc":"9.16.31-150400.5.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP4","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.31-150400.5.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.31-150400.5.6.1","bind-doc":"9.16.31-150400.5.6.1","bind-utils":"9.16.31-150400.5.6.1","python3-bind":"9.16.31-150400.5.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"bind","purl":"pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.31-150400.5.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for bind fixes the following issues:\n\n- CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146).\n- CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135).\n- CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame  leading to deny of service (bsc#1197136).\n\nThe following non-security bugs were fixed:\n\n- Update to release 9.16.31 (jsc#SLE-24600). \n- Logrotation broken since dropping chroot (bsc#1200685).\n- A non-existent initialization script (eg a leftorver\n  'createNamedConfInclude' in /etc/sysconfig/named) may cause named\n  not to start. A warning message is printed in named.prep and\n  the fact is ignored.\n  Also, the return value of a failed script was not handled properly\n  causing a failed script to not prevent named to start. This\n  is now fixed properly.\n  [bsc#1199044, vendor-files.tar.bz2]\n","id":"SUSE-SU-2022:2713-1","modified":"2022-08-09T10:38:14Z","published":"2022-08-09T10:38:14Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20222713-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192146"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197135"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197136"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199044"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200685"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-25219"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-25220"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0396"}],"related":["CVE-2021-25219","CVE-2021-25220","CVE-2022-0396"],"summary":"Security update for bind","upstream":["CVE-2021-25219","CVE-2021-25220","CVE-2022-0396"]}