patches/packages/bind-9.11.22-arm-1_slack14.2.txz: Upgraded.
This update fixes three security issues:
“update-policy” rules of type “subdomain” were incorrectly treated as
“zonesub” rules, which allowed keys used in “subdomain” rules to update
names outside of the specified subdomains. The problem was fixed by making
sure “subdomain” rules are again processed as described in the ARM.
When BIND 9 was compiled with native PKCS#11 support, it was possible to
trigger an assertion failure in code determining the number of bits in the
PKCS#11 RSA public key with a specially crafted packet.
It was possible to trigger an assertion failure when verifying the response
to a TSIG-signed request.
For more information, see:
https://kb.isc.org/docs/cve-2020-8624
https://kb.isc.org/docs/cve-2020-8623
https://kb.isc.org/docs/cve-2020-8622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622
(* Security fix *)