Security update for bindSUSE Patchsecurity@suse.deSUSE Security TeamSUSE-SU-2015:0011-2Final112014-01-27T18:38:10Zcurrent2014-01-27T18:38:10Z2014-01-27T18:38:10Zcve-database/bin/generate-cvrf.pl2017-02-24T01:00:00ZSecurity update for bind This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue. Security Issue references: * CVE-2014-0591 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).slessp2-bindCopyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/Link for SUSE-SU-2015:0011-2https://lists.suse.com/pipermail/sle-security-updates/2015-February/001228.htmlE-Mail link for SUSE-SU-2015:0011-2https://www.suse.com/support/security/rating/SUSE Security Ratingshttps://bugzilla.suse.com/743758SUSE Bug 743758https://bugzilla.suse.com/765315SUSE Bug 765315https://bugzilla.suse.com/772945SUSE Bug 772945https://bugzilla.suse.com/780157SUSE Bug 780157https://bugzilla.suse.com/784602SUSE Bug 784602https://bugzilla.suse.com/796112SUSE Bug 796112https://bugzilla.suse.com/815230SUSE Bug 815230https://bugzilla.suse.com/819475SUSE Bug 819475https://bugzilla.suse.com/831899SUSE Bug 831899https://bugzilla.suse.com/858639SUSE Bug 858639https://bugzilla.suse.com/882511SUSE Bug 882511https://bugzilla.suse.com/908994SUSE Bug 908994https://www.suse.com/security/cve/CVE-2012-1667/SUSE CVE CVE-2012-1667 pagehttps://www.suse.com/security/cve/CVE-2012-3817/SUSE CVE CVE-2012-3817 pagehttps://www.suse.com/security/cve/CVE-2012-4244/SUSE CVE CVE-2012-4244 pagehttps://www.suse.com/security/cve/CVE-2012-5166/SUSE CVE CVE-2012-5166 pagehttps://www.suse.com/security/cve/CVE-2013-4854/SUSE CVE CVE-2013-4854 pagehttps://www.suse.com/security/cve/CVE-2014-0591/SUSE CVE CVE-2014-0591 pagehttps://www.suse.com/security/cve/CVE-2014-8500/SUSE CVE CVE-2014-8500 pageSUSE Linux Enterprise Server 11 SP2SUSE Linux Enterprise Server 11 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 11 SP2bind-9.9.4P2-0.6.1bind-chrootenv-9.9.4P2-0.6.1bind-devel-9.9.6P1-0.5.5bind-doc-9.9.4P2-0.6.1bind-libs-9.9.4P2-0.6.1bind-libs-32bit-9.9.4P2-0.6.1bind-libs-x86-9.9.4P2-0.6.1bind-utils-9.9.4P2-0.6.1bind-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-chrootenv-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-devel-9.9.6P1-0.5.5 as a component of SUSE Linux Enterprise Server 11 SP2bind-doc-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-libs-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-libs-32bit-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-libs-x86-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-utils-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2bind-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-chrootenv-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-devel-9.9.6P1-0.5.5 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-doc-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-libs-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-libs-32bit-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-libs-x86-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-utils-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSSbind-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-chrootenv-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-devel-9.9.6P1-0.5.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-doc-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-libs-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-libs-32bit-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-libs-x86-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2bind-utils-9.9.4P2-0.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.CVE-2012-1667SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate8.5AV:N/AC:L/Au:N/C:P/I:N/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2012-1667.htmlCVE-2012-1667https://bugzilla.suse.com/765315SUSE Bug 765315https://bugzilla.suse.com/792926SUSE Bug 792926ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.CVE-2012-3817SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate7.8AV:N/AC:L/Au:N/C:N/I:N/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2012-3817.htmlCVE-2012-3817https://bugzilla.suse.com/772945SUSE Bug 772945https://bugzilla.suse.com/792926SUSE Bug 792926https://bugzilla.suse.com/986950SUSE Bug 986950ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.CVE-2012-4244SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate7.8AV:N/AC:L/Au:N/C:N/I:N/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2012-4244.htmlCVE-2012-4244https://bugzilla.suse.com/780157SUSE Bug 780157https://bugzilla.suse.com/792926SUSE Bug 792926ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.CVE-2012-5166SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate7.8AV:N/AC:L/Au:N/C:N/I:N/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2012-5166.htmlCVE-2012-5166https://bugzilla.suse.com/784602SUSE Bug 784602https://bugzilla.suse.com/792926SUSE Bug 792926The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.CVE-2013-4854SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate7.8AV:N/AC:L/Au:N/C:N/I:N/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2013-4854.htmlCVE-2013-4854https://bugzilla.suse.com/831899SUSE Bug 831899The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.CVE-2014-0591SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate2.6AV:N/AC:H/Au:N/C:N/I:N/A:PTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2014-0591.htmlCVE-2014-0591https://bugzilla.suse.com/858639SUSE Bug 858639ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.CVE-2014-8500SUSE Linux Enterprise Server 11 SP2-LTSS:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2-LTSS:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2-LTSS:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server 11 SP2:bind-utils-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-chrootenv-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-devel-9.9.6P1-0.5.5SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-doc-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-32bit-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-libs-x86-9.9.4P2-0.6.1SUSE Linux Enterprise Server for SAP Applications 11 SP2:bind-utils-9.9.4P2-0.6.1moderate7.8AV:N/AC:L/Au:N/C:N/I:N/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150011-2/https://www.suse.com/security/cve/CVE-2014-8500.htmlCVE-2014-8500https://bugzilla.suse.com/908994SUSE Bug 908994https://bugzilla.suse.com/986950SUSE Bug 986950