Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

SUSE 2024:2868-1 Important: Bind Denial of Service Security Advisory

suse
Calendar Grey August 9, 2024
Scroller Suse
This significant security notification outlines the recent bind revisions for SUSE tackling critical concerns. Keep updated!
* bsc#1228256 * bsc#1228257 Cross-References: * CVE-2024-1737

Summary

## This update for bind fixes the following issues: Security issues fixed: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by only allowing a maximum of 100 records to be stored per name and type in a cache or zone database. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1228256

* bsc#1228257

Cross-

* CVE-2024-1737

* CVE-2024-1975

CVSS scores:

* CVE-2024-1737 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-1975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-1737.html

* https://www.suse.com/security/cve/CVE-2024-1975.html

* https://bugzilla.suse.com/show_bug.cgi?id=1228256

* https://bugzilla.suse.com/show_bug.cgi?id=1228257

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:2868-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.