Alpine: multiple bind packages: security update to 9.14.7-r0

high Tenable Cloud Security Plugin ID 423707

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other
servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC
validation before being used in answers, as if it had been looked up via traditional recursion, and when
mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror
zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to
replace zone data that was validated with a configured trust anchor with forged data of the attacker's
choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an
attacker was able to insert themselves into the network path between a recursive server using a mirror
zone and a root name server, this vulnerability could then be used to cause the recursive server to accept
a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to
9.15.4. (CVE-2019-6475)

- A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if
a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to
9.14.6, and 9.15.0 up to 9.15.4. (CVE-2019-6476)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-6475

https://security.alpinelinux.org/vuln/CVE-2019-6476

Plugin Details

Severity: High

ID: 423707

Version: Revision 1.7

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2019-6475

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/16/2019

Reference Information

CVE: CVE-2019-6475, CVE-2019-6476

IAVA: 2019-A-0397-S