Alpine: multiple bind packages: security update to 9.12.3_p4-r0

medium Tenable Self-Hosted Container Security Plugin ID 423698

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A failure to free memory can occur when processing messages having a specific combination of EDNS options.
Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions
9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13
development branch are also affected. (CVE-2018-5744)

- "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust
anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys
feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if,
during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.
Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions
9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13
development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for
vulnerability to CVE-2018-5745. (CVE-2018-5745)

- Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones
are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and
versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13
development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for
vulnerability to CVE-2019-6465. (CVE-2019-6465)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-5744

https://security.alpinelinux.org/vuln/CVE-2018-5745

https://security.alpinelinux.org/vuln/CVE-2019-6465

Plugin Details

Severity: Medium

ID: 423698

Version: Revision 1.6

Type: Local

Published: 4/4/2025

Updated: 5/30/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-6465

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/21/2019

Reference Information

CVE: CVE-2018-5744, CVE-2018-5745, CVE-2019-6465

BID: 107125, 107140, 107142

IAVA: 2019-A-0069-S