Описание
Security update for bind
This update for bind fixes the following issues:
- CVE-2023-50387: Fixed validating DNS messages containing a lot of DNSSEC signatures that could have let to a denial-of-service (bsc#1219823).
- CVE-2023-50868: Fixed NSEC3 closest encloser proof that could have let to a denial-of-service (bsc#1219826).
- CVE-2023-4408: Fixed parsing DNS messages with many different names that could have let to a denial-of-service (bsc#1219851).
Список пакетов
Image SLES12-SP5-Azure-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-Azure-Basic-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-Azure-HPC-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-Azure-HPC-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-Azure-SAP-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-Azure-SAP-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-Azure-Standard-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-EC2-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-EC2-ECS-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-EC2-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-EC2-SAP-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-EC2-SAP-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-GCE-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-GCE-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-GCE-SAP-BYOS
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-GCE-SAP-On-Demand
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
SUSE Linux Enterprise Server 12 SP5
bind-9.11.22-3.52.1
bind-chrootenv-9.11.22-3.52.1
bind-doc-9.11.22-3.52.1
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisc1107-32bit-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
bind-9.11.22-3.52.1
bind-chrootenv-9.11.22-3.52.1
bind-doc-9.11.22-3.52.1
bind-utils-9.11.22-3.52.1
libbind9-161-9.11.22-3.52.1
libdns1110-9.11.22-3.52.1
libirs161-9.11.22-3.52.1
libisc1107-9.11.22-3.52.1
libisc1107-32bit-9.11.22-3.52.1
libisccc161-9.11.22-3.52.1
libisccfg163-9.11.22-3.52.1
liblwres161-9.11.22-3.52.1
python-bind-9.11.22-3.52.1
SUSE Linux Enterprise Software Development Kit 12 SP5
bind-devel-9.11.22-3.52.1
Ссылки
- Link for SUSE-SU-2024:1894-1
- E-Mail link for SUSE-SU-2024:1894-1
- SUSE Security Ratings
- SUSE Bug 1219823
- SUSE Bug 1219826
- SUSE Bug 1219851
- SUSE CVE CVE-2023-4408 page
- SUSE CVE CVE-2023-50387 page
- SUSE CVE CVE-2023-50868 page
Описание
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:bind-utils-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libbind9-161-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libdns1110-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libirs161-9.11.22-3.52.1
Ссылки
- CVE-2023-4408
- SUSE Bug 1219823
- SUSE Bug 1219851
- SUSE Bug 1221586
Описание
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:bind-utils-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libbind9-161-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libdns1110-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libirs161-9.11.22-3.52.1
Ссылки
- CVE-2023-50387
- SUSE Bug 1219823
- SUSE Bug 1220717
- SUSE Bug 1221586
Описание
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:bind-utils-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libbind9-161-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libdns1110-9.11.22-3.52.1
Image SLES12-SP5-Azure-BYOS:libirs161-9.11.22-3.52.1
Ссылки
- CVE-2023-50868
- SUSE Bug 1219823
- SUSE Bug 1219826
- SUSE Bug 1221586