Overview

File _patchinfo of Package patchinfo.35132

<patchinfo incident="35132">
  <issue tracker="cve" id="2024-1737"/>
  <issue tracker="cve" id="2024-1975"/>
  <issue tracker="bnc" id="1228257">VUL-0: CVE-2024-1975: bind: SIG(0) can be used to exhaust CPU resources</issue>
  <issue tracker="bnc" id="1228256">VUL-0: CVE-2024-1737: bind: BIND's database will be slow if a very large number of RRs exist at the same name</issue>
  <packager>jcronenberg</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

Security issues fixed:

- It is possible to craft excessively large numbers of resource
  record types for a given owner name, which has the effect of
  slowing down database processing. This has been addressed by
  only allowing a maximum of 100 records to be stored per name
  and type in a cache or zone database. (CVE-2024-1737, bsc#1228256)
- Validating DNS messages signed using the SIG(0) protocol (RFC
  2931) could cause excessive CPU load, leading to a
  denial-of-service condition. Support for SIG(0) message
  validation was removed from this version of named.
  (CVE-2024-1975, bsc#1228257)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places