CVE-2021-25216

Name: CVE-2021-25216
Description: In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2647-1, DSA-4909-1, ELA-418-1
Debian Bugs: 987743

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| bind9 (PTS) | jessie, jessie (lts) | 1:9.9.5.dfsg-9+deb8u22 | fixed |
| | stretch | 1:9.10.3.dfsg.P4-12.3+deb9u6 | vulnerable |
| | stretch (security) | 1:9.10.3.dfsg.P4-12.3+deb9u9 | fixed |
| | buster, buster (security) | 1:9.11.5.P4+dfsg-5.1+deb10u5 | fixed |
| | bullseye, sid | 1:9.16.15-1 | fixed |

The information below is based on the following data on fixed versions.

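| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| bind9 | source | jessie | 1:9.9.5.dfsg-9+deb8u22 | | ELA-418-1 | |
| bind9 | source | stretch | 1:9.10.3.dfsg.P4-12.3+deb9u9 | | DLA-2647-1 | |
| bind9 | source | buster | 1:9.11.5.P4+dfsg-5.1+deb10u5 | | DSA-4909-1 | |
| bind9 | source | (unstable) | 1:9.16.15-1 | | | 987743 |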

Notes

https://kb.isc.org/docs/cve-2021-25216
https://gitlab.isc.org/isc-projects/bind9/commit/216a97188d86cb3edb307a40ff5ee61b030eb033 (v9_16_15)
https://gitlab.isc.org/isc-projects/bind9/commit/a875dcc66969ea3995eb6fc1545d39dafcb56b26 (v9_16_15)
https://gitlab.isc.org/isc-projects/bind9/commit/6b0b0c6aba2488f8db5d6cdbc44162b98ffa5ed4 (v9_16_15)
https://gitlab.isc.org/isc-projects/bind9/commit/3fd30e16340afd95ee8c7dca8a5ff7cc35d069bc (v9_16_15)
https://gitlab.isc.org/isc-projects/bind9/commit/565a6a56791b01b86e2fd1eaa1907bf985f2e997 (v9_16_15)
https://gitlab.isc.org/isc-projects/bind9/commit/99132eda0e006932fa5927d4ad81bced0d3b3042 (v9_16_15)
The issue can be mitigated by configuring with --disable-isc-spnego and using the system library.
