Описание
Security update for bind
This update for bind fixes the following issues:
- CVE-2024-1737: It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (bsc#1228256)
- CVE-2024-1975: Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (bsc#1228257)
Список пакетов
Image SLES15-SP3-BYOS-Azure
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-EC2-HVM
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-GCE
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-CHOST-BYOS-Azure
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-CHOST-BYOS-EC2
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-CHOST-BYOS-GCE
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-HPC-BYOS-Azure
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-HPC-BYOS-GCE
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAP-BYOS-Azure
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAP-BYOS-GCE
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAPCAL-Azure
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAPCAL-EC2-HVM
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Image SLES15-SP3-SAPCAL-GCE
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
SUSE Enterprise Storage 7.1
bind-9.16.6-150300.22.47.1
bind-chrootenv-9.16.6-150300.22.47.1
bind-devel-9.16.6-150300.22.47.1
bind-doc-9.16.6-150300.22.47.1
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs-devel-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
bind-9.16.6-150300.22.47.1
bind-chrootenv-9.16.6-150300.22.47.1
bind-devel-9.16.6-150300.22.47.1
bind-doc-9.16.6-150300.22.47.1
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs-devel-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libdns1605-9.16.6-150300.22.47.1
libirs-devel-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
SUSE Linux Enterprise Server 15 SP3-LTSS
bind-9.16.6-150300.22.47.1
bind-chrootenv-9.16.6-150300.22.47.1
bind-devel-9.16.6-150300.22.47.1
bind-doc-9.16.6-150300.22.47.1
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs-devel-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
bind-9.16.6-150300.22.47.1
bind-chrootenv-9.16.6-150300.22.47.1
bind-devel-9.16.6-150300.22.47.1
bind-doc-9.16.6-150300.22.47.1
bind-utils-9.16.6-150300.22.47.1
libbind9-1600-9.16.6-150300.22.47.1
libdns1605-9.16.6-150300.22.47.1
libirs-devel-9.16.6-150300.22.47.1
libirs1601-9.16.6-150300.22.47.1
libisc1606-9.16.6-150300.22.47.1
libisccc1600-9.16.6-150300.22.47.1
libisccfg1600-9.16.6-150300.22.47.1
libns1604-9.16.6-150300.22.47.1
python3-bind-9.16.6-150300.22.47.1
Ссылки
- Link for SUSE-SU-2024:2810-1
- E-Mail link for SUSE-SU-2024:2810-1
- SUSE Security Ratings
- SUSE Bug 1228256
- SUSE Bug 1228257
- SUSE CVE CVE-2024-1737 page
- SUSE CVE CVE-2024-1975 page
Описание
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:bind-utils-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-Azure:libbind9-1600-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-Azure:libdns1605-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-Azure:libirs1601-9.16.6-150300.22.47.1
Ссылки
- CVE-2024-1737
- SUSE Bug 1228256
Описание
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:bind-utils-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-Azure:libbind9-1600-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-Azure:libdns1605-9.16.6-150300.22.47.1
Image SLES15-SP3-BYOS-Azure:libirs1601-9.16.6-150300.22.47.1
Ссылки
- CVE-2024-1975
- SUSE Bug 1228257