SUSE-SU-2025:0359-1

Опубликовано: 05 фев. 2025

Источник: suse-cvrf

Описание

Security update for bind

This update for bind fixes the following issues:

CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)

Список пакетов

Image SLES15-SP5-Azure-3P

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-BYOS-GCE

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-CHOST-BYOS-Azure

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-CHOST-BYOS-EC2

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-CHOST-BYOS-GCE

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-CHOST-BYOS-GDC

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-GCE

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Hardened-BYOS-GCE

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Server-5-0

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Server-5-0-BYOS

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Micro-5-5-BYOS

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-Micro-5-5-BYOS-Azure

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-SAP-Azure-3P

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-SAP-BYOS-GCE

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

bind-9.16.50-150500.8.24.1

bind-doc-9.16.50-150500.8.24.1

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

bind-9.16.50-150500.8.24.1

bind-doc-9.16.50-150500.8.24.1

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

SUSE Linux Enterprise Micro 5.5

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

SUSE Linux Enterprise Server 15 SP5-LTSS

bind-9.16.50-150500.8.24.1

bind-doc-9.16.50-150500.8.24.1

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

bind-9.16.50-150500.8.24.1

bind-doc-9.16.50-150500.8.24.1

bind-utils-9.16.50-150500.8.24.1

python3-bind-9.16.50-150500.8.24.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250359-1/
Link for SUSE-SU-2025:0359-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020280.html
E-Mail link for SUSE-SU-2025:0359-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236596
SUSE Bug 1236596
https://www.suse.com/security/cve/CVE-2024-11187/
SUSE CVE CVE-2024-11187 page

Описание

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

Затронутые продукты

Image SLES15-SP5-Azure-3P:bind-utils-9.16.50-150500.8.24.1

Image SLES15-SP5-Azure-3P:python3-bind-9.16.50-150500.8.24.1

Image SLES15-SP5-BYOS-GCE:bind-utils-9.16.50-150500.8.24.1

Image SLES15-SP5-BYOS-GCE:python3-bind-9.16.50-150500.8.24.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-11187.html
CVE-2024-11187
https://bugzilla.suse.com/1236596
SUSE Bug 1236596

SUSE-SU-2025:0359-1

Описание

Список пакетов

Image SLES15-SP5-Azure-3P

Image SLES15-SP5-BYOS-GCE

Image SLES15-SP5-CHOST-BYOS-Azure

Image SLES15-SP5-CHOST-BYOS-EC2

Image SLES15-SP5-CHOST-BYOS-GCE

Image SLES15-SP5-CHOST-BYOS-GDC

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

Image SLES15-SP5-GCE

Image SLES15-SP5-Hardened-BYOS-GCE

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

Image SLES15-SP5-Manager-Server-5-0

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

Image SLES15-SP5-Manager-Server-5-0-BYOS

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

Image SLES15-SP5-Micro-5-5-BYOS

Image SLES15-SP5-Micro-5-5-BYOS-Azure

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-BYOS-GCE

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Server 15 SP5-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP5

Ссылки

Уязвимость: CVE-2024-11187

Описание

Затронутые продукты

Ссылки