Alpine: bind: security update to 9.11.6_p1-r0

high Tenable Self-Hosted Container Security Plugin ID 403645

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- By design, BIND is intended to limit the number of TCP clients that can be connected at any given time.
The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value
for most servers. Unfortunately, the code which was intended to limit the number of simultaneous
connections contained an error which could be exploited to grow the number of simultaneous connections
beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0.
BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7
of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for
vulnerability to CVE-2018-5743. (CVE-2018-5743)

- A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the
alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most
likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection
for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the
root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4,
9.14.0. Also affects all releases in the 9.13 development branch. (CVE-2019-6467)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-5743

https://security.alpinelinux.org/vuln/CVE-2019-6467

Plugin Details

Severity: High

ID: 403645

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-6467

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/24/2019

Reference Information

CVE: CVE-2018-5743, CVE-2019-6467

BID: 108071, 108077

IAVA: 2019-A-0139-S