This update for bind fixes the following issues:
- CVE-2024-1737: It is possible to craft excessively large numbers of
resource record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (bsc#1228256)
- CVE-2024-1975: Validating DNS messages signed using the SIG(0)
protocol (RFC 2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(bsc#1228257)