Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:0355-1

Опубликовано: 04 фев. 2025
Источник: suse-cvrf

Описание

Security update for bind

This update for bind fixes the following issues:

Update to release 9.18.33

Security Fixes:

  • CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
  • CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)

Список пакетов

Container suse/manager/5.0/x86_64/server:latest
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-BYOS
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-BYOS-GCE
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-Azure
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-EC2
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-GCE
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-GDC
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-GCE
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-Hardened-BYOS
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-Hardened-BYOS-GCE
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-SAP-BYOS
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-SAP-BYOS-EC2
bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-SAP-BYOS-GCE
bind-utils-9.18.33-150600.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
bind-utils-9.18.33-150600.3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
bind-9.18.33-150600.3.6.1
bind-doc-9.18.33-150600.3.6.1
openSUSE Leap 15.6
bind-9.18.33-150600.3.6.1
bind-doc-9.18.33-150600.3.6.1
bind-utils-9.18.33-150600.3.6.1

Ссылки

Описание

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

Затронутые продукты
Container suse/manager/5.0/x86_64/server:latest:bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-BYOS:bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-Azure:bind-utils-9.18.33-150600.3.6.1
Ссылки

Описание

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.

Затронутые продукты
Container suse/manager/5.0/x86_64/server:latest:bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-BYOS:bind-utils-9.18.33-150600.3.6.1
Image SLES15-SP6-CHOST-BYOS-Azure:bind-utils-9.18.33-150600.3.6.1
Ссылки
Уязвимость SUSE-SU-2025:0355-1