Overview
Request 1146454 accepted
- Update to release 9.18.24
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387)
[bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessiv
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868)
[bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408)
[bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517)
[bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted
This has been fixed. (CVE-2023-6516)
[bsc#1219854]
* Under certain circumstances, the DNS-over-TLS client code
incorrectly attempted to process more than one DNS message at a
time, which could cause named to crash with an assertion
failure. This has been fixed.
Bug Fixes:
* The counters exported via the statistics channel were changed
back to 64-bit signed values; they were being inadvertently
truncated to unsigned 32-bit values since BIND 9.15.0.
- Created by jcronenberg
- In state accepted
Request History
jcronenberg created request
- Update to release 9.18.24
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387)
[bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessiv
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868)
[bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408)
[bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517)
[bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted
This has been fixed. (CVE-2023-6516)
[bsc#1219854]
* Under certain circumstances, the DNS-over-TLS client code
incorrectly attempted to process more than one DNS message at a
time, which could cause named to crash with an assertion
failure. This has been fixed.
Bug Fixes:
* The counters exported via the statistics channel were changed
back to 64-bit signed values; they were being inadvertently
truncated to unsigned 32-bit values since BIND 9.15.0.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
darix accepted review
Accepted review for by_group opensuse-review-team request 1146454 from user factory-auto
anag+factory set openSUSE:Factory:Staging:H as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:H"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:H"
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:H"
anag+factory set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:E"
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:E got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:E got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:E got accepted.
