Описание
Security update for bind
This update for bind fixes the following issues:
Security issues fixed:
- It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by only allowing a maximum of 100 records to be stored per name and type in a cache or zone database. (CVE-2024-1737, bsc#1228256)
- Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257)
Список пакетов
Image SLES12-SP5-Azure-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-Azure-HPC-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-Azure-HPC-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-Azure-SAP-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-Azure-SAP-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-Azure-Standard-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-EC2-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-EC2-ECS-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-EC2-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-EC2-SAP-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-EC2-SAP-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-GCE-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-GCE-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-GCE-SAP-BYOS
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-GCE-SAP-On-Demand
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
SUSE Linux Enterprise Server 12 SP5
bind-9.11.22-3.57.1
bind-chrootenv-9.11.22-3.57.1
bind-doc-9.11.22-3.57.1
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisc1107-32bit-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
bind-9.11.22-3.57.1
bind-chrootenv-9.11.22-3.57.1
bind-doc-9.11.22-3.57.1
bind-utils-9.11.22-3.57.1
libbind9-161-9.11.22-3.57.1
libdns1110-9.11.22-3.57.1
libirs161-9.11.22-3.57.1
libisc1107-9.11.22-3.57.1
libisc1107-32bit-9.11.22-3.57.1
libisccc161-9.11.22-3.57.1
libisccfg163-9.11.22-3.57.1
liblwres161-9.11.22-3.57.1
python-bind-9.11.22-3.57.1
SUSE Linux Enterprise Software Development Kit 12 SP5
bind-devel-9.11.22-3.57.1
Ссылки
- Link for SUSE-SU-2024:2868-1
- E-Mail link for SUSE-SU-2024:2868-1
- SUSE Security Ratings
- SUSE Bug 1228256
- SUSE Bug 1228257
- SUSE CVE CVE-2024-1737 page
- SUSE CVE CVE-2024-1975 page
Описание
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:bind-utils-9.11.22-3.57.1
Image SLES12-SP5-Azure-BYOS:libbind9-161-9.11.22-3.57.1
Image SLES12-SP5-Azure-BYOS:libdns1110-9.11.22-3.57.1
Image SLES12-SP5-Azure-BYOS:libirs161-9.11.22-3.57.1
Ссылки
- CVE-2024-1737
- SUSE Bug 1228256
Описание
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:bind-utils-9.11.22-3.57.1
Image SLES12-SP5-Azure-BYOS:libbind9-161-9.11.22-3.57.1
Image SLES12-SP5-Azure-BYOS:libdns1110-9.11.22-3.57.1
Image SLES12-SP5-Azure-BYOS:libirs161-9.11.22-3.57.1
Ссылки
- CVE-2024-1975
- SUSE Bug 1228257