SUSE-SU-2024:2811-1

Published: 07 Aug 2024
Source: suse-cvrf

Description

Security update for bind

This update for bind fixes the following issues:

  • CVE-2024-1737: It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (bsc#1228256)
  • CVE-2024-1975: Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (bsc#1228257)
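
Added example (not part of the SUSE advisory or of BIND's code): a pre-upgrade audit that reads a zone in one-record-per-line form and reports owner names holding more than the advisory's default of 100 records of one type, or more than 100 distinct record types. The input layout, the function names and the sample zone are assumptions constructed for illustration.

```python
from collections import defaultdict

LIMIT = 100  # default limit stated in the advisory


def audit_zone(lines, limit=LIMIT):
    """Count records per (owner, type) and distinct types per owner.

    Assumes one record per line, 'owner TTL class type rdata', with a
    fully qualified owner on every line (a canonical zone dump).
    Returns a sorted list of (owner, what, count) for counts above limit.
    """
    per_rrset = defaultdict(int)   # (owner, type) -> number of records
    types_of = defaultdict(set)    # owner -> set of record types seen
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in ";$":
            continue  # blank line, comment, or $ORIGIN/$TTL directive
        fields = line.split(None, 4)
        if len(fields) < 4:
            continue  # not a complete record line
        # DNS names and type mnemonics are case-insensitive.
        owner, rtype = fields[0].lower(), fields[3].upper()
        per_rrset[(owner, rtype)] += 1
        types_of[owner].add(rtype)
    findings = [(o, "records of type " + t, n)
                for (o, t), n in per_rrset.items() if n > limit]
    findings += [(o, "distinct types", len(ts))
                 for o, ts in types_of.items() if len(ts) > limit]
    return sorted(findings)


def sample_zone():
    """Constructed sample data, not taken from any real zone."""
    z = ["; constructed example zone",
         "example. 3600 IN SOA ns.example. admin.example. 1 7200 900 1209600 3600",
         "example. 3600 IN NS ns.example.",
         "NS.example. 3600 IN A 192.0.2.53"]
    z += ['big.example. 300 IN TXT "v%d"' % i for i in range(101)]
    z += ["many.example. 300 IN TYPE%d \\# 0" % (65280 + i) for i in range(101)]
    z += ["ok.example. 300 IN A 192.0.2.%d" % i for i in range(1, 101)]
    return z


if __name__ == "__main__":
    for owner, what, count in audit_zone(sample_zone()):
        print("%s: %d %s (limit %d)" % (owner, count, what, LIMIT))
```

Names reported by the audit are the ones to review before installing the update, either by trimming the data or by raising the limit in the named configuration.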

Package list

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:
  • bind-9.16.6-150000.12.77.1
  • bind-chrootenv-9.16.6-150000.12.77.1
  • bind-devel-9.16.6-150000.12.77.1
  • bind-doc-9.16.6-150000.12.77.1
  • bind-utils-9.16.6-150000.12.77.1
  • libbind9-1600-9.16.6-150000.12.77.1
  • libdns1605-9.16.6-150000.12.77.1
  • libirs-devel-9.16.6-150000.12.77.1
  • libirs1601-9.16.6-150000.12.77.1
  • libisc1606-9.16.6-150000.12.77.1
  • libisccc1600-9.16.6-150000.12.77.1
  • libisccfg1600-9.16.6-150000.12.77.1
  • libns1604-9.16.6-150000.12.77.1
  • python3-bind-9.16.6-150000.12.77.1

SUSE Linux Enterprise Server 15 SP2-LTSS:
  • bind-9.16.6-150000.12.77.1
  • bind-chrootenv-9.16.6-150000.12.77.1
  • bind-devel-9.16.6-150000.12.77.1
  • bind-doc-9.16.6-150000.12.77.1
  • bind-utils-9.16.6-150000.12.77.1
  • libbind9-1600-9.16.6-150000.12.77.1
  • libdns1605-9.16.6-150000.12.77.1
  • libirs-devel-9.16.6-150000.12.77.1
  • libirs1601-9.16.6-150000.12.77.1
  • libisc1606-9.16.6-150000.12.77.1
  • libisccc1600-9.16.6-150000.12.77.1
  • libisccfg1600-9.16.6-150000.12.77.1
  • libns1604-9.16.6-150000.12.77.1
  • python3-bind-9.16.6-150000.12.77.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2:
  • bind-9.16.6-150000.12.77.1
  • bind-chrootenv-9.16.6-150000.12.77.1
  • bind-devel-9.16.6-150000.12.77.1
  • bind-doc-9.16.6-150000.12.77.1
  • bind-utils-9.16.6-150000.12.77.1
  • libbind9-1600-9.16.6-150000.12.77.1
  • libdns1605-9.16.6-150000.12.77.1
  • libirs-devel-9.16.6-150000.12.77.1
  • libirs1601-9.16.6-150000.12.77.1
  • libisc1606-9.16.6-150000.12.77.1
  • libisccc1600-9.16.6-150000.12.77.1
  • libisccfg1600-9.16.6-150000.12.77.1
  • libns1604-9.16.6-150000.12.77.1
  • python3-bind-9.16.6-150000.12.77.1

SUSE Manager Client Tools for SLE Micro 5:
  • bind-utils-9.16.6-150000.12.77.1
  • libbind9-1600-9.16.6-150000.12.77.1
  • libbind9-1600-64bit-9.16.6-150000.12.77.1
  • libdns1605-9.16.6-150000.12.77.1
  • libdns1605-64bit-9.16.6-150000.12.77.1
  • libirs1601-9.16.6-150000.12.77.1
  • libirs1601-64bit-9.16.6-150000.12.77.1
  • libisc1606-9.16.6-150000.12.77.1
  • libisc1606-64bit-9.16.6-150000.12.77.1
  • libisccc1600-9.16.6-150000.12.77.1
  • libisccc1600-64bit-9.16.6-150000.12.77.1
  • libisccfg1600-9.16.6-150000.12.77.1
  • libisccfg1600-64bit-9.16.6-150000.12.77.1
  • libns1604-9.16.6-150000.12.77.1
  • python3-bind-9.16.6-150000.12.77.1

Description

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-9.16.6-150000.12.77.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-chrootenv-9.16.6-150000.12.77.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-devel-9.16.6-150000.12.77.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-doc-9.16.6-150000.12.77.1

Description

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-9.16.6-150000.12.77.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-chrootenv-9.16.6-150000.12.77.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-devel-9.16.6-150000.12.77.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:bind-doc-9.16.6-150000.12.77.1

References
Vulnerability SUSE-SU-2024:2811-1