As per upstream advisory:

If BIND is built with "--enable-native-pkcs11" then a specially crafted query for a zone signed with RSA can trigger an assertion failure. An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.

To be vulnerable, the system must:
- be running BIND that was built with "--enable-native-pkcs11"
- be signing one or more zones with an RSA key
- be able to receive queries from a possible attacker
Acknowledgments:
Name: ISC
Upstream: Lyu Chiy
External References: https://kb.isc.org/docs/cve-2020-8623
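A triage sketch for the first two conditions in the advisory text above, added here as an example and not taken from ISC or Red Hat. It assumes `named -V` prints the configure arguments and that key files follow the K<zone>+<alg>+<id>.key naming; the function names and sample data are constructed, and key files on disk only approximate "signing a zone with RSA".

```shell
#!/bin/sh
# Added triage sketch for the advisory's conditions; all sample data is constructed.

# Condition 1: reads `named -V` text on stdin, succeeds if the build flag is present.
built_with_native_pkcs11() {
    grep -q -- '--enable-native-pkcs11'
}

# Condition 2 (approximation): reads key file paths on stdin and prints those
# named K<zone>+<alg>+<id>.key whose DNSSEC algorithm number is RSA-based:
# 1 RSAMD5, 5 RSASHA1, 7 RSASHA1-NSEC3-SHA1, 8 RSASHA256, 10 RSASHA512.
rsa_key_files() {
    awk -F'[+]' 'NF >= 3 && $NF ~ /^[0-9]+\.key$/ {
        alg = $(NF-1) + 0
        if (alg == 1 || alg == 5 || alg == 7 || alg == 8 || alg == 10) print
    }'
}

# $1 = `named -V` text, $2 = newline-separated key file paths.
# Condition 3 (who can send queries) is left to the operator.
triage() {
    if ! printf '%s\n' "$1" | built_with_native_pkcs11; then
        echo "not-affected: build lacks --enable-native-pkcs11"
    elif [ -z "$(printf '%s\n' "$2" | rsa_key_files)" ]; then
        echo "not-affected: no RSA key files found"
    else
        echo "conditions-1-and-2-met: review who can send queries"
    fi
}

# Constructed samples (not real output from any host).
SAMPLE_BUILD_PKCS11="BIND <version> (constructed sample)
built by make with '--prefix=/usr' '--enable-native-pkcs11'"
SAMPLE_BUILD_PLAIN="BIND <version> (constructed sample)
built by make with '--prefix=/usr'"
SAMPLE_KEYS_RSA="/keys/Kexample.com.+008+12345.key
/keys/Kexample.net.+013+54321.key"
SAMPLE_KEYS_ECDSA="/keys/Kexample.net.+013+54321.key"

triage "$SAMPLE_BUILD_PKCS11" "$SAMPLE_KEYS_RSA"
# On a live host (the key directory is a placeholder):
#   triage "$(named -V 2>&1)" "$(ls /path/to/keys/K*.key)"
```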
Created bind tracking bugs for this issue:
Affects: fedora-all [bug 1870905]
Upstream commit: https://gitlab.isc.org/isc-projects/bind9/-/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2020:4500 https://access.redhat.com/errata/RHSA-2020:4500
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8623
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.6 Extended Update Support
Via RHSA-2020:4992 https://access.redhat.com/errata/RHSA-2020:4992

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2020:5011 https://access.redhat.com/errata/RHSA-2020:5011

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.7 Extended Update Support
Via RHSA-2020:5203 https://access.redhat.com/errata/RHSA-2020:5203