bind9.16 security update

2024-05-0613:04:21

Rockylinux Product Errata

errata.rockylinux.org

bind9

security update

rocky linux 8

cve

vulnerabilities

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.05

Percentile

92.9%

JSON

An update is available for bind9.16.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)
bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517)
bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)
bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8aarch64bind9.16< 9.16.23-0.16.el8_9.2bind9.16-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky8x86_64bind9.16< 9.16.23-0.16.el8_9.2bind9.16-32:9.16.23-0.16.el8_9.2.x86_64.rpm
rocky8aarch64bind9.16-chroot< 9.16.23-0.16.el8_9.2bind9.16-chroot-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky8x86_64bind9.16-chroot< 9.16.23-0.16.el8_9.2bind9.16-chroot-32:9.16.23-0.16.el8_9.2.x86_64.rpm
rocky8aarch64bind9.16-debuginfo< 9.16.23-0.16.el8_9.2bind9.16-debuginfo-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky8i686bind9.16-debuginfo< 9.16.23-0.16.el8_9.2bind9.16-debuginfo-32:9.16.23-0.16.el8_9.2.i686.rpm
rocky8x86_64bind9.16-debuginfo< 9.16.23-0.16.el8_9.2bind9.16-debuginfo-32:9.16.23-0.16.el8_9.2.x86_64.rpm
rocky8aarch64bind9.16-debugsource< 9.16.23-0.16.el8_9.2bind9.16-debugsource-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky8i686bind9.16-debugsource< 9.16.23-0.16.el8_9.2bind9.16-debugsource-32:9.16.23-0.16.el8_9.2.i686.rpm
rocky8x86_64bind9.16-debugsource< 9.16.23-0.16.el8_9.2bind9.16-debugsource-32:9.16.23-0.16.el8_9.2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	aarch64	bind9.16	< 9.16.23-0.16.el8_9.2	bind9.16-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky	8	x86_64	bind9.16	< 9.16.23-0.16.el8_9.2	bind9.16-32:9.16.23-0.16.el8_9.2.x86_64.rpm
rocky	8	aarch64	bind9.16-chroot	< 9.16.23-0.16.el8_9.2	bind9.16-chroot-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky	8	x86_64	bind9.16-chroot	< 9.16.23-0.16.el8_9.2	bind9.16-chroot-32:9.16.23-0.16.el8_9.2.x86_64.rpm
rocky	8	aarch64	bind9.16-debuginfo	< 9.16.23-0.16.el8_9.2	bind9.16-debuginfo-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky	8	i686	bind9.16-debuginfo	< 9.16.23-0.16.el8_9.2	bind9.16-debuginfo-32:9.16.23-0.16.el8_9.2.i686.rpm
rocky	8	x86_64	bind9.16-debuginfo	< 9.16.23-0.16.el8_9.2	bind9.16-debuginfo-32:9.16.23-0.16.el8_9.2.x86_64.rpm
rocky	8	aarch64	bind9.16-debugsource	< 9.16.23-0.16.el8_9.2	bind9.16-debugsource-32:9.16.23-0.16.el8_9.2.aarch64.rpm
rocky	8	i686	bind9.16-debugsource	< 9.16.23-0.16.el8_9.2	bind9.16-debugsource-32:9.16.23-0.16.el8_9.2.i686.rpm
rocky	8	x86_64	bind9.16-debugsource	< 9.16.23-0.16.el8_9.2	bind9.16-debugsource-32:9.16.23-0.16.el8_9.2.x86_64.rpm