Rewterz Threat Advisory – CVE-2021-29472 – PHP vulnerability allows supply-chain attacks
April 30, 2021Rewterz Threat Alert – Stealthy RotaJakiro Backdoor Targeting Linux Systems
April 30, 2021Rewterz Threat Advisory – CVE-2021-29472 – PHP vulnerability allows supply-chain attacks
April 30, 2021Rewterz Threat Alert – Stealthy RotaJakiro Backdoor Targeting Linux Systems
April 30, 2021Severity
High
Analysis Summary
CVE-2021-25215
A flaw exists in bind. The vulnerability exists due to an assertion check that can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself. An attacker can exploit this vulnerability to gain availability to the system.
Impact
System Breach
Affected Vendors
RedHat
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power
- big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- little endian 7 ppc64le
Remediation
Download the latest patches and updates from https://bugzilla.redhat.com/show_bug.cgi?id=1953857