-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmXTdOAACgkQZWnYVadE
vpPc4Q//WkZ+wzjru8E9bb/e5yFR70skaYm9rvDNq7R1yXJph/mJFj3CItyXNpow
x27hKw+3YTst48PJqfftQf5Vaq/cCFbKPUALAiSpcyIx+zmg/+uvoikgSEnaJ2wB
3jq2zJ/b5VRabgoZWeqZdhLA9CLeF8UuBai0xuhZ99OyMcmhPMm+Xgusie8cmpKB
wbtNz1Ww2iHUm8qeOpigoLW+zNCOD9yry/a+vjp7BJIAwZfI2Tffu4MfoYVPOFrp
7vIagEgs9p+aOJagdaZS9tfw1SnWjhuLupXE/bC0Pia8ZWeGW8Cyb9KRJbV2nwSq
v7URfK+4UxgW4U824Xe/UUTEcc5NjsLO1QfZDzICKNnNOMrOb8F6SwYrcVc6hrCc
WiPumTdw/5ZQ6RibrcxUq5maB22CTdg3NYuZlE/9AcR3FjCY+mNQKLvZ0HyEFDbM
PwJ+GI2FV7Dp04TitDkuK9LYgZHXhGDh9HB44tnkG7OkazL5ejKj2lqV/bPcj+uw
lv9hoyDBa4Il/HnusVa+MolnGjsnQ2V4tE2abDx9sOS7uIz6dJrds5uWefwZUNLk
KaO5uVsRux7zTSvztfoErMtDT53BQb/UVrZJKiv1TqGbljJnvbROvr0/XruxVIcI
rEc/qPfz8yARH2/Ysp+z5PuNKfHWeTogqTGRi8TfgLQgOtvunjQ=
=xDqX
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6642-1
February 19, 2024
bind9 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description:
- bind9: Internet Domain Name Server
Details:
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered
that Bind incorrectly handled parsing large DNS messages. A remote attacker
could possibly use this issue to cause Bind to consume resources, leading
to a denial of service. (CVE-2023-4408)
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Bind icorrectly handled validating DNSSEC messages. A remote attacker
could possibly use this issue to cause Bind to consume resources, leading
to a denial of service. (CVE-2023-50387)
It was discovered that Bind incorrectly handled preparing an NSEC3 closest
encloser proof. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2023-50868)
It was discovered that Bind incorrectly handled reverse zone queries when
nxdomain-redirect is enabled. A remote attacker could possibly use this
issue to cause Bind to crash, leading to a denial of service.
(CVE-2023-5517)
It was discovered that Bind incorrectly handled certain specific recursive
query patterns. A remote attacker could possibly use this issue to cause
Bind to consume memory, leading to a denial of service. (CVE-2023-6516)
Bind has been updated to 9.6.48. In addition to security fixes, the updated
packages contain bug fixes, new features, and possibly incompatible
changes.
Please see the following for more information:
https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
bind9 1:9.16.48-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-6642-1
CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517,
CVE-2023-6516
Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.16.48-0ubuntu0.20.04.1
No comments:
Post a Comment