-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmaf0vcACgkQZWnYVadE
vpOqIBAAlg059/k/Gyxa68kNwLB/OS98doIhux2qq8FwS1oxf3sdGK2cU0mGK+Ug
+ejZkRdLGKUpvoySyiBONk1DI3UJtLeSFbbAosH2sJN8s0rhAEH7DXB3XzEkfWn4
xPU3TLP8sZdjt7CruwOLjr8e7q8HF+hVN6Mp3iiEDeEHwWOyJUQyY5gnnK3PQljf
YqyBajXx0tC3vi0BrwGicEQII12x7CoDMazuROcoZ7r9d0KRNvY0msV/AqEunSnV
S4EaMPXrjdYb5sbeH2cQlLl7rllO17Hi02quGAFPZDx/isG5z2sJGuBr6YBsfbSI
LNMqhqCT40TihMbroMEd57V1je4vrf35z7nWbBGvPLcoBFdgFjdktDpb1loWy1Qx
P/KZhPd6TvdS0Z6hdcesrNjrHR4AtMrmP2f66Wnl4Ry77Brm3SvNIRZn7OnM0nxA
ebUxpdKuYKt9fByyNQC2jlpCfWrQP9EpbPPfizSR1HjQKEP+RUav7Ou3c99ufeS+
8I2MBQgt0QDbZizffplqH8sm8C0JUPVpybCLV5LuJ6F+cK95r8two9vlSxFa2R5j
Y1H8d2YDMmN0/ObNVj59SnE6Gmg1LrgpsREkHZuWmRyOPw2IgxoSFh+aN530ABrw
pmWgcmlQQVOzD6IBHNNBemrDs5zNv357Y+//h1xfYjjN4FkleNI=
=C0Oa
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6909-1
July 23, 2024
bind9 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description:
- bind9: Internet Domain Name Server
Details:
It was discovered that Bind incorrectly handled a flood of DNS messages
over TCP. A remote attacker could possibly use this issue to cause Bind to
become unstable, resulting in a denial of service. (CVE-2024-0760)
Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very
large number of RRs existing at the same time. A remote attacker could
possibly use this issue to cause Bind to consume resources, leading to a
denial of service. (CVE-2024-1737)
It was discovered that Bind incorrectly handled a large number of SIG(0)
signed requests. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2024-1975)
Daniel Stränger discovered that Bind incorrectly handled serving both
stable cache data and authoritative zone content. A remote attacker could
possibly use this issue to cause Bind to crash, resulting in a denial of
service. (CVE-2024-4076)
On Ubuntu 20.04 LTS, Bind has been updated from 9.16 to 9.18. In addition
to security fixes, the updated packages contain bug fixes, new features,
and possibly incompatible changes.
Please see the following for more information:
https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
bind9 1:9.18.28-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
bind9 1:9.18.28-0ubuntu0.22.04.1
Ubuntu 20.04 LTS
bind9 1:9.18.28-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-6909-1
CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076
Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.18.28-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/bind9/1:9.18.28-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/bind9/1:9.18.28-0ubuntu0.20.04.1
No comments:
Post a Comment