[SECURITY] [DSA 5439-1] bind9 security update

2023-06-2520:12:23

lists.debian.org

dns server

vulnerabilities

bind9

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.0%

JSON

Debian Security Advisory DSA-5439-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
June 25, 2023 https://www.debian.org/security/faq

Package : bind9
CVE ID : CVE-2023-2828 CVE-2023-2911

Several vulnerabilities were discovered in BIND, a DNS server
implementation.

CVE-2023-2828

Shoham Danino, Anat Bremler-Barr, Yehuda Afek and Yuval Shavitt
discovered that a flaw in the cache-cleaning algorithm used in named
can cause that named&#x27;s configured cache size limit can be
significantly exceeded, potentially resulting in denial of service.

CVE-2023-2911

It was discovered that a flaw in the handling of recursive-clients
quota may result in denial of service (named daemon crash).

For the oldstable distribution (bullseye), these problems have been fixed
in version 1:9.16.42-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 1:9.18.16-1~deb12u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian12armhfbind9-dnsutils< 1:9.18.16-1~deb12u1bind9-dnsutils_1:9.18.16-1~deb12u1_armhf.deb
Debian11armhfbind9-host-dbgsym< 1:9.16.42-1~deb11u1bind9-host-dbgsym_1:9.16.42-1~deb11u1_armhf.deb
Debian11s390xbind9-libs-dbgsym< 1:9.16.42-1~deb11u1bind9-libs-dbgsym_1:9.16.42-1~deb11u1_s390x.deb
Debian10i386libdns1104< 1:9.11.5.P4+dfsg-5.1+deb10u9libdns1104_1:9.11.5.P4+dfsg-5.1+deb10u9_i386.deb
Debian10armhflibisc-export1100< 1:9.11.5.P4+dfsg-5.1+deb10u9libisc-export1100_1:9.11.5.P4+dfsg-5.1+deb10u9_armhf.deb
Debian12arm64bind9-host-dbgsym< 1:9.18.16-1~deb12u1bind9-host-dbgsym_1:9.18.16-1~deb12u1_arm64.deb
Debian12ppc64elbind9-host-dbgsym< 1:9.18.16-1~deb12u1bind9-host-dbgsym_1:9.18.16-1~deb12u1_ppc64el.deb
Debian12armhfbind9-dev< 1:9.18.16-1~deb12u1bind9-dev_1:9.18.16-1~deb12u1_armhf.deb
Debian12armelbind9-dnsutils-dbgsym< 1:9.18.16-1~deb12u1bind9-dnsutils-dbgsym_1:9.18.16-1~deb12u1_armel.deb
Debian10i386dnsutils< 1:9.11.5.P4+dfsg-5.1+deb10u9dnsutils_1:9.11.5.P4+dfsg-5.1+deb10u9_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	armhf	bind9-dnsutils	< 1:9.18.16-1~deb12u1	bind9-dnsutils_1:9.18.16-1~deb12u1_armhf.deb
Debian	11	armhf	bind9-host-dbgsym	< 1:9.16.42-1~deb11u1	bind9-host-dbgsym_1:9.16.42-1~deb11u1_armhf.deb
Debian	11	s390x	bind9-libs-dbgsym	< 1:9.16.42-1~deb11u1	bind9-libs-dbgsym_1:9.16.42-1~deb11u1_s390x.deb
Debian	10	i386	libdns1104	< 1:9.11.5.P4+dfsg-5.1+deb10u9	libdns1104_1:9.11.5.P4+dfsg-5.1+deb10u9_i386.deb
Debian	10	armhf	libisc-export1100	< 1:9.11.5.P4+dfsg-5.1+deb10u9	libisc-export1100_1:9.11.5.P4+dfsg-5.1+deb10u9_armhf.deb
Debian	12	arm64	bind9-host-dbgsym	< 1:9.18.16-1~deb12u1	bind9-host-dbgsym_1:9.18.16-1~deb12u1_arm64.deb
Debian	12	ppc64el	bind9-host-dbgsym	< 1:9.18.16-1~deb12u1	bind9-host-dbgsym_1:9.18.16-1~deb12u1_ppc64el.deb
Debian	12	armhf	bind9-dev	< 1:9.18.16-1~deb12u1	bind9-dev_1:9.18.16-1~deb12u1_armhf.deb
Debian	12	armel	bind9-dnsutils-dbgsym	< 1:9.18.16-1~deb12u1	bind9-dnsutils-dbgsym_1:9.18.16-1~deb12u1_armel.deb
Debian	10	i386	dnsutils	< 1:9.11.5.P4+dfsg-5.1+deb10u9	dnsutils_1:9.11.5.P4+dfsg-5.1+deb10u9_i386.deb