Overview

File _patchinfo of Package patchinfo.32604

<patchinfo incident="32604">
  <issue tracker="cve" id="2023-5517"/>
  <issue tracker="cve" id="2023-6516"/>
  <issue tracker="cve" id="2023-50387"/>
  <issue tracker="cve" id="2023-5679"/>
  <issue tracker="cve" id="2023-50868"/>
  <issue tracker="cve" id="2023-4408"/>
  <issue tracker="bnc" id="1219854">VUL-0: CVE-2023-6516: bind: Specific recursive query patterns may lead to an out-of-memory condition</issue>
  <issue tracker="bnc" id="1219826">VUL-0: CVE-2023-50868: unbound, bind, pdns, dnsmasq: Denial Of Service while trying to validate specially crafted DNSSEC responses</issue>
  <issue tracker="bnc" id="1219852">VUL-0: CVE-2023-5517: bind: Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled</issue>
  <issue tracker="bnc" id="1219851">VUL-0: CVE-2023-4408: bind: Parsing large DNS messages may cause excessive CPU load</issue>
  <issue tracker="bnc" id="1219853">VUL-0: CVE-2023-5679: bind: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution</issue>
  <issue tracker="bnc" id="1219823">VUL-0: CVE-2023-50387 : unbound, pdns, bind, dnsmasq: Denial Of Service while trying to validate specially crafted DNSSEC responses</issue>
  <packager>jcronenberg</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bind</summary>
  <description>This update for bind fixes the following issues:

Update to release 9.16.48:

Feature Changes:
* The IP addresses for B.ROOT-SERVERS.NET have been updated to
  170.247.170.2 and 2801:1b8:10::b.

Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
  could cause excessive CPU load, leading to a denial-of-service
  condition. This has been fixed. (CVE-2023-50387) [bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessive
  CPU load, leading to a denial-of-service condition. This has
  been fixed. (CVE-2023-50868) [bsc#1219826]
* Parsing DNS messages with many different names could cause
  excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851]
* Specific queries could cause named to crash with an assertion
  failure when nxdomain-redirect was enabled. This has been
  fixed. (CVE-2023-5517) [bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
  named to crash with an assertion failure, when both of these
  features were enabled. This has been fixed. (CVE-2023-5679)
  [bsc#1219853]
* Query patterns that continuously triggered cache database
  maintenance could cause an excessive amount of memory to be
  allocated, exceeding max-cache-size and potentially leading to
  all available memory on the host running named being exhausted.
  This has been fixed. (CVE-2023-6516) [bsc#1219854]

Removed Features:
* Support for using AES as the DNS COOKIE algorithm
  (cookie-algorithm aes;) has been deprecated and will be removed
  in a future release. Please use the current default,
  SipHash-2-4, instead.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places