- Update to release 9.18.19
  Security Fixes:
  * Previously, sending a specially crafted message over the
    control channel could cause the packet-parsing code to run out
    of available stack memory, causing named to terminate
    unexpectedly. This has been fixed. (CVE-2023-3341)
    [bsc#1215472]
  * A flaw in the networking code handling DNS-over-TLS queries
    could cause named to terminate unexpectedly due to an assertion
    failure under significant DNS-over-TLS query load. This has
    been fixed. (CVE-2023-4236)
    [bsc#1215471]
  Removed Features:
  * The dnssec-must-be-secure option has been deprecated and will
    be removed in a future release.
  Feature Changes:
  * If the server command is specified, nsupdate now honors the
    nsupdate -v option for SOA queries by sending both the UPDATE
    request and the initial query over TCP.
  Bug Fixes:
  * The value of the If-Modified-Since header in the statistics
    channel was not being correctly validated for its length,
    potentially allowing an authorized user to trigger a buffer
    overflow. Ensuring the statistics channel is configured
    correctly to grant access exclusively to authorized users is
    essential (see the statistics-channels block definition and
    usage section).
  * The Content-Length header in the statistics channel was lacking
    proper bounds checking. A negative or excessively large value
    could potentially trigger an integer overflow and result in an

• Files Changed
• Browse Source