USN-6633-1

Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-4408)

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868)

It was discovered that Bind incorrectly handled reverse zone queries when nxdomain-redirect is enabled. A remote attacker could possibly use this issue to cause Bind to crash, leading to a denial of service. (CVE-2023-5517)

It was discovered that Bind incorrectly handled recursive resolution when both DNS64 and serve-stable were enabled. A remote attacker could possibly use this issue to cause Bind to crash, leading to a denial of service. (CVE-2023-5679)

References

Affected packages

Ubuntu:22.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.18.18-0ubuntu0.22.04.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.18.18-0ubuntu0.22.04.2

Affected versions

1:9.*

1:9.16.15-1ubuntu1

1:9.16.15-1ubuntu2

1:9.16.15-1ubuntu3

1:9.18.0-2ubuntu1

1:9.18.0-2ubuntu2

1:9.18.0-2ubuntu3

1:9.18.1-1ubuntu1

1:9.18.1-1ubuntu1.1

1:9.18.1-1ubuntu1.2

1:9.18.1-1ubuntu1.3

1:9.18.12-0ubuntu0.22.04.1

1:9.18.12-0ubuntu0.22.04.2

1:9.18.12-0ubuntu0.22.04.3

1:9.18.18-0ubuntu0.22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bind9",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-dbgsym",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-dev",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-dnsutils",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-dnsutils-dbgsym",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-doc",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-host",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-host-dbgsym",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-libs",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-libs-dbgsym",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-utils",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9-utils-dbgsym",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "bind9utils",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        },
        {
            "binary_name": "dnsutils",
            "binary_version": "1:9.18.18-0ubuntu0.22.04.2"
        }
    ],
    "availability": "No subscription required"
}