MGASA-2024-0038
- Source
- https://advisories.mageia.org/MGASA-2024-0038.html
- Import Source
- https://advisories.mageia.org/MGASA-2024-0038.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2024-0038
- Related
- Published
- 2024-02-15T18:36:07Z
- Modified
- 2024-02-15T18:25:28Z
- Summary
- Updated bind packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. (CVE-2023-4408) Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. (CVE-2023-5517) Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution. (CVE-2023-5679) KeyTrap - Extreme CPU consumption in DNSSEC validator. (CVE-2023-50387) Preparing an NSEC3 closest encloser proof can exhaust CPU resources. (CVE-2023-50868)
- References
-
- https://advisories.mageia.org/MGASA-2024-0038.html
- https://bugs.mageia.org/show_bug.cgi?id=32846
- https://kb.isc.org/docs/cve-2023-4408
- https://kb.isc.org/docs/cve-2023-5517
- https://kb.isc.org/docs/cve-2023-5679
- https://kb.isc.org/docs/cve-2023-50387
- https://kb.isc.org/docs/cve-2023-50868
- https://downloads.isc.org/isc/bind9/9.18.24/doc/arm/html/notes.html#notes-for-bind-9-18-24
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / bind
Package
- Name
- bind
- Purl
- pkg:rpm/mageia/bind?distro=mageia-9