SUSE 2024:1982-1 Critical: Bind Denial Of Service Issues Fixed

suse

June 11, 2024

* bsc#1219823 * bsc#1219826 * bsc#1219851 * bsc#1219852 * bsc#1219854

Summary

## This update for bind fixes the following issues: * CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) * CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823) * CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826) * CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852) * CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics Covered

security advisory denial of service critical software update bind patch SUSE

References

* bsc#1219823

* bsc#1219826

* bsc#1219851

* bsc#1219852

* bsc#1219854

Cross-

* CVE-2023-4408

* CVE-2023-50387

* CVE-2023-50868

* CVE-2023-5517

* CVE-2023-6516

CVSS scores:

* CVE-2023-4408 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-5517 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-6516 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6

* openSUSE Leap 15.3

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP6

Severity

critical

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:1982-1

Rating: important

Topics Covered

security advisory denial of service critical software update bind patch SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE 2024:1982-1 Critical: Bind Denial Of Service Issues Fixed

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE 2024:1982-1 Critical: Bind Denial Of Service Issues Fixed

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!