Explore top 10 tips to secure your open-source projects now. Read More
×Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes. (CVE-2024-12705) Limit additional section processing for large RDATA sets. (CVE-2024-11187) New Features:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3551f3ba1b 2025-02-12 01:35:52.622127+00:00 -------------------------------------------------------------------------------- Name : bind Product : Fedora 41 Version : 9.18.33 Release : 1.fc41 URL : https://www.isc.org/bind/ Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. -------------------------------------------------------------------------------- Update Information: Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes. (CVE-2024-12705) Limit additional section processing for large RDATA sets. (CVE-2024-11187) New Features: Add a new option to configure the maximum number of outgoing queries per client request. Bug Fixes: Fix nsupdate hang when processing a large update. Fix possible assertion failure when reloading server while processing update policy rules. [GL #5006] Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys. Fix improper handling of unknown directives in resolv.conf. Upstream Release Notes -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 2 2025 Petr MenÅ¡Ãk - 32:9.18.33-1 - Update to 9.16.33 (rhbz#2342784) * Fri Jan 17 2025 Petr MenÅ¡Ãk - 32:9.18.32-4 - Add sysusers named user creation (rhbz#2105415) * Thu Dec 12 2024 Petr MenÅ¡Ãk - 32:9.18.32-1 - Update to 9.18.32 (#2331675) - RemoveCHANGES file from package - Disable DLZ plugins, they are not shipped with bind anymore - Add new root key 38696 into package files too * Thu Dec 12 2024 Petr MenÅ¡Ãk - 32:9.18.31-3 - Disable temporarily PDF generation on all platforms * Wed Dec 4 2024 Petr MenÅ¡Ãk - 32:9.18.31-2 - Add nsupdate TLS support (FREEIPA-11706) - Include a test for nsupdate changes * Thu Nov 14 2024 Petr MenÅ¡Ãk - 32:9.18.31-1 - Update to 9.18.31 (#2319214) * Thu Nov 14 2024 Petr MenÅ¡Ãk - 32:9.18.30-3 - Bump obsoleted license version (rhbz#2308102) * Tue Oct 8 2024 Petr MenÅ¡Ãk - 32:9.18.30-2 - Make OpenSSL engine support optional -------------------------------------------------------------------------------- References: [ 1 ] Bug #2319214 - bind-9.18.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=2319214 [ 2 ] Bug #2331675 - bind-9.18.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=2331675 [ 3 ] Bug #2342784 - bind-9.18.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2342784 [ 4 ] Bug #2342883 - CVE-2024-12705 bind: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342883 [ 5 ] Bug #2342891 - CVE-2024-11187 bind: Many records in the additional section cause CPU exhaustion [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342891 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3551f3ba1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . The latest update for BIND 9.16.33 in Fedora 41 resolves DNS flooding vulnerabilities and improves overall security, as stated in advisory FEDORA-2025-3551f3ba1b.. dns flooding fix,binding updates,fedora advisories,service security updates,bind fixes. . LinuxSecurity.com Team
The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. (CVE-2023-4408) Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. (CVE-2023-5517) Enabling both DNS64 and serve-stale may cause an assertion failure . MGASA-2024-0038 - Updated bind packages fix security vulnerabilities Publication date: 15 Feb 2024 URL: https://advisories.mageia.org/MGASA-2024-0038.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-50387, CVE-2023-50868 The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. (CVE-2023-4408) Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. (CVE-2023-5517) Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution. (CVE-2023-5679) KeyTrap - Extreme CPU consumption in DNSSEC validator. (CVE-2023-50387) Preparing an NSEC3 closest encloser proof can exhaust CPU resources. (CVE-2023-50868) References: - https://bugs.mageia.org/show_bug.cgi?id=32846 - https://kb.isc.org/docs/cve-2023-4408 - https://kb.isc.org/docs/cve-2023-5517 - https://kb.isc.org/docs/cve-2023-5679 - https://kb.isc.org/docs/cve-2023-50387 - https://kb.isc.org/docs/cve-2023-50868 - https://downloads.isc.org/isc/bind9/9.18.24/doc/arm/html/notes.html#notes-for-bind-9-18-24 - https://www.cve.org/CVERecord?id=CVE-2023-4408 - https://www.cve.org/CVERecord?id=CVE-2023-5517 - https://www.cve.org/CVERecord?id=CVE-2023-5679 - https://www.cve.org/CVERecord?id=CVE-2023-50387 - https://www.cve.org/CVERecord?id=CVE-2023-50868 SRPMS: - 9/core/bind-9.18.15-2.3.mga9 . Recent updates to the bind packages in Mageia have addressed vulnerabilities related to security concerns, as well as resolved issues tied to CPU usage and assertion errors within DNS setups.. Bind Security Update, Mageia 9, DNS Issues, Security Fixes. . Severity: Critical.LinuxSecurity.com Team
An issue has been discovered in BIND, a DNS server implementation. A stack exhaustion flaw was discovered in the control channel code . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3726-1
Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202401-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: c-ares: Multiple Vulnerabilities Date: January 05, 2024 Bugs: #807604, #807775, #892489, #905341 ID: 202401-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Background ========== c-ares is a C library for asynchronous DNS requests (including name resolves). Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ net-dns/c-ares < 1.19.0 > = 1.19.0 Description =========== Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All c-ares users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-dns/c-ares-1.19.0" References ========== [ 1 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 2 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 3 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 4 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 5 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 6 ] CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202401-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2023:4152-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4152 Issue date: 2023-07-18 CVE Names: CVE-2023-2828 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: named'sconfigured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2216227 - CVE-2023-2828 bind: named's configured cache size limit can be significantly exceeded 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.11.4-26.P2.el7_9.14.src.rpm noarch: bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux Client Optional (v.7): x86_64: bind-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.11.4-26.P2.el7_9.14.src.rpm noarch: bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): x86_64: bind-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: bind-9.11.4-26.P2.el7_9.14.src.rpm noarch: bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm ppc64: bind-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-chroot-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.ppc.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-libs-9.11.4-26.P2.el7_9.14.ppc.rpm bind-libs-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.ppc.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.ppc.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-utils-9.11.4-26.P2.el7_9.14.ppc64.rpm ppc64le: bind-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-chroot-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-libs-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-utils-9.11.4-26.P2.el7_9.14.ppc64le.rpm s390x: bind-9.11.4-26.P2.el7_9.14.s390x.rpm bind-chroot-9.11.4-26.P2.el7_9.14.s390x.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.s390.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.s390x.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.s390.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.s390x.rpm bind-libs-9.11.4-26.P2.el7_9.14.s390.rpm bind-libs-9.11.4-26.P2.el7_9.14.s390x.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.s390.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.s390x.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.s390x.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.s390.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.s390x.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.s390x.rpm bind-utils-9.11.4-26.P2.el7_9.14.s390x.rpm x86_64: bind-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-devel-9.11.4-26.P2.el7_9.14.ppc.rpm bind-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.ppc.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.ppc.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.ppc.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-sdb-9.11.4-26.P2.el7_9.14.ppc64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.ppc64.rpm ppc64le: bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-sdb-9.11.4-26.P2.el7_9.14.ppc64le.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.ppc64le.rpm s390x: bind-debuginfo-9.11.4-26.P2.el7_9.14.s390.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.s390x.rpm bind-devel-9.11.4-26.P2.el7_9.14.s390.rpm bind-devel-9.11.4-26.P2.el7_9.14.s390x.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.s390.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.s390x.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.s390.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.s390x.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.s390.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.s390x.rpm bind-sdb-9.11.4-26.P2.el7_9.14.s390x.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.s390x.rpm x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.11.4-26.P2.el7_9.14.src.rpm noarch: bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm x86_64: bind-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-2828 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJktmwwAAoJENzjgjWX9erECFkP/jpr6CGwrkKLSxCbe0xj2xKM x4FbFmc0gvzGIBCbVez971Z6+sOqn5SoeLEpOFKGQAZcz3LeDdNRRTC9aahZ/M++ ki5wzcyXrxaCQ00uwPIO60RiKs1XeS6TwGx+FKM29WH4NED1bfEJTm+7OofPoNzu wuVgoHK0qbnuSFNJqmijDnE2/55vLo1EAzLac/jE0Dk1CUwDFXk8gh69xxK/AMKk 8i1bp2mpdLiDnfAcW/ZQbmfPfJ4zrCkVCbhfLIc+J2zEd7DGoNdnU5m8UDKa5ejF 7FIRiHWMO5kFFkIdkDNEcykrihAUFLbapMl+GLtWAIIMc98LN3+DSssSjIcUVDxq pjIRK6+m1SW8oYLonAiuU/EkVuV17aOm+6SvWwmO7GRsDtpE6fOErBCwqgkxp5+6 Clg37d5g0lGGjWWrxEdIc/+ynYzo/KEZv8H5XtemrOnn/r+fyqzbu8w73s1lvfrt fMi5mpWJABLv/Iv6l+7TJ77m9b3E9JJFG524+b/xuJDMazOHb3sQj7AHKwo2BNU/ jvdXWYP0v3FcYayoGI7zS4nrmORKGZ0cdMi+sD00aOkS8o5Y4gLwxS8+XU6YmaEM arIrgSRp43QxkXWYkAfUWXkB6Ar9rXQg7ScEgXNHR0U4mzvG/QwXtMER2OnAp801 X3CKula1WG3vwo9ldiQV =btLY -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Brief introduction Two vulnerbilities were found in maradns, an open source domain name system (DNS) implementation, that may lead to denial of service and . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5441-1
Security fix for CVE-2023-31137, CVE-2022-30256. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-cdce244fb8 2023-05-25 00:59:24.928504 --------------------------------------------------------------------------------Name : maradns Product : Fedora 37 Version : 3.5.0036 Release : 1.fc37 URL : https://maradns.samiam.org/ Summary : Authoritative and recursive DNS server made with security in mind Description : MaraDNS is a package that implements the Domain Name Service (DNS), an essential internet service. MaraDNS has the following advantages: * Secure. * Supported. * Easy to use. * Small. * Open Source. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2023-31137, CVE-2022-30256 --------------------------------------------------------------------------------ChangeLog: * Tue May 16 2023 Tomasz Torcz - 3.5.0036-1 - new version 3.5.0036 (rhbz#2149110, rhbz#2180267) - fixes CVE-2023-31137 (rhbz#2207551) --------------------------------------------------------------------------------References: [ 1 ] Bug #2207550 - CVE-2023-31137 maradns: integer underflow in DNS packet decompression https://bugzilla.redhat.com/show_bug.cgi?id=2207550 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cdce244fb8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: systemd security update Advisory ID: RHSA-2022:6206-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6206 Issue date: 2022-08-29 CVE Names: CVE-2022-2526 ==================================================================== 1. Summary: An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526) For more details about the security issue(s), including the impact, aCVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2109926 - CVE-2022-2526 systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: systemd-239-58.el8_6.4.src.rpm aarch64: systemd-239-58.el8_6.4.aarch64.rpm systemd-container-239-58.el8_6.4.aarch64.rpm systemd-container-debuginfo-239-58.el8_6.4.aarch64.rpm systemd-debuginfo-239-58.el8_6.4.aarch64.rpm systemd-debugsource-239-58.el8_6.4.aarch64.rpm systemd-devel-239-58.el8_6.4.aarch64.rpm systemd-journal-remote-239-58.el8_6.4.aarch64.rpm systemd-journal-remote-debuginfo-239-58.el8_6.4.aarch64.rpm systemd-libs-239-58.el8_6.4.aarch64.rpm systemd-libs-debuginfo-239-58.el8_6.4.aarch64.rpm systemd-pam-239-58.el8_6.4.aarch64.rpm systemd-pam-debuginfo-239-58.el8_6.4.aarch64.rpm systemd-tests-239-58.el8_6.4.aarch64.rpm systemd-tests-debuginfo-239-58.el8_6.4.aarch64.rpm systemd-udev-239-58.el8_6.4.aarch64.rpm systemd-udev-debuginfo-239-58.el8_6.4.aarch64.rpm ppc64le: systemd-239-58.el8_6.4.ppc64le.rpm systemd-container-239-58.el8_6.4.ppc64le.rpm systemd-container-debuginfo-239-58.el8_6.4.ppc64le.rpm systemd-debuginfo-239-58.el8_6.4.ppc64le.rpm systemd-debugsource-239-58.el8_6.4.ppc64le.rpm systemd-devel-239-58.el8_6.4.ppc64le.rpm systemd-journal-remote-239-58.el8_6.4.ppc64le.rpm systemd-journal-remote-debuginfo-239-58.el8_6.4.ppc64le.rpm systemd-libs-239-58.el8_6.4.ppc64le.rpm systemd-libs-debuginfo-239-58.el8_6.4.ppc64le.rpm systemd-pam-239-58.el8_6.4.ppc64le.rpm systemd-pam-debuginfo-239-58.el8_6.4.ppc64le.rpm systemd-tests-239-58.el8_6.4.ppc64le.rpm systemd-tests-debuginfo-239-58.el8_6.4.ppc64le.rpm systemd-udev-239-58.el8_6.4.ppc64le.rpm systemd-udev-debuginfo-239-58.el8_6.4.ppc64le.rpm s390x: systemd-239-58.el8_6.4.s390x.rpm systemd-container-239-58.el8_6.4.s390x.rpm systemd-container-debuginfo-239-58.el8_6.4.s390x.rpm systemd-debuginfo-239-58.el8_6.4.s390x.rpm systemd-debugsource-239-58.el8_6.4.s390x.rpm systemd-devel-239-58.el8_6.4.s390x.rpm systemd-journal-remote-239-58.el8_6.4.s390x.rpm systemd-journal-remote-debuginfo-239-58.el8_6.4.s390x.rpm systemd-libs-239-58.el8_6.4.s390x.rpm systemd-libs-debuginfo-239-58.el8_6.4.s390x.rpm systemd-pam-239-58.el8_6.4.s390x.rpm systemd-pam-debuginfo-239-58.el8_6.4.s390x.rpm systemd-tests-239-58.el8_6.4.s390x.rpm systemd-tests-debuginfo-239-58.el8_6.4.s390x.rpm systemd-udev-239-58.el8_6.4.s390x.rpm systemd-udev-debuginfo-239-58.el8_6.4.s390x.rpm x86_64: systemd-239-58.el8_6.4.i686.rpm systemd-239-58.el8_6.4.x86_64.rpm systemd-container-239-58.el8_6.4.i686.rpm systemd-container-239-58.el8_6.4.x86_64.rpm systemd-container-debuginfo-239-58.el8_6.4.i686.rpm systemd-container-debuginfo-239-58.el8_6.4.x86_64.rpm systemd-debuginfo-239-58.el8_6.4.i686.rpm systemd-debuginfo-239-58.el8_6.4.x86_64.rpm systemd-debugsource-239-58.el8_6.4.i686.rpm systemd-debugsource-239-58.el8_6.4.x86_64.rpm systemd-devel-239-58.el8_6.4.i686.rpm systemd-devel-239-58.el8_6.4.x86_64.rpm systemd-journal-remote-239-58.el8_6.4.x86_64.rpm systemd-journal-remote-debuginfo-239-58.el8_6.4.i686.rpm systemd-journal-remote-debuginfo-239-58.el8_6.4.x86_64.rpm systemd-libs-239-58.el8_6.4.i686.rpm systemd-libs-239-58.el8_6.4.x86_64.rpm systemd-libs-debuginfo-239-58.el8_6.4.i686.rpm systemd-libs-debuginfo-239-58.el8_6.4.x86_64.rpm systemd-pam-239-58.el8_6.4.x86_64.rpm systemd-pam-debuginfo-239-58.el8_6.4.i686.rpm systemd-pam-debuginfo-239-58.el8_6.4.x86_64.rpm systemd-tests-239-58.el8_6.4.x86_64.rpm systemd-tests-debuginfo-239-58.el8_6.4.i686.rpm systemd-tests-debuginfo-239-58.el8_6.4.x86_64.rpm systemd-udev-239-58.el8_6.4.x86_64.rpm systemd-udev-debuginfo-239-58.el8_6.4.i686.rpm systemd-udev-debuginfo-239-58.el8_6.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYw2otNzjgjWX9erEAQiR9A/+Lcc82rk+SP5y1uBqdkgGV6AFPEREgraF I8Q8ntGLFQTHZpzIfg9J9FMxfxGhXs/8rrhzD76IvEc1cFbooqNipNBPH0rLYxpA DZUcKsenqbF8Uql0s/N0UkWXA/lum4vxb82gcw20GGSB+l9FuFEBYs/d0KKEN4ZD PPWs2BYJhsqkOXgaDCx4bCfGW4giXdSHOOO0R/bJ0wr1rOqXOmW8rdpovVby5VYA oYvMnW8KO8zfVunpDV1mCt60jMm9jZgS9DYv5SjY1K/3PB7BjOkPRM8syhVpFGOD ca1yeICR9qEcCpTlZ1tRnCH3EtEjUYVCaq+RzvWrbfpIZaDS+qOINIFf5zWnzhY/ /NK71n9ZWXYsZ6ZFWtDuneGookFGKqqm1dBn+d/qIsgBu1x59xNaG0odupAjq+wQ s8FHtD6DxZY/ZzyUFqy8LjR3xlf4wPrYpUvZpopGbxULRGX0Gr2FsGDHrUDRGydq tsLJZvdPwebt7R+BKQ60A7Fx1lqRb/HqjSrsOekD6ALxVdiY8ENDldVv6V90cyxj 7F3CUfGgaA1BtUOpAg8f4jBdR8tG0ofPatmQ25shzdNYbXsVxyHV7RJ2bjL1r3BX LX9jvJkUJZOxYBnWG1BaNbmplCMJbHNq6PZgTA2tr0oQ2fepOKxGp7D327z0XV5/ U49f88Zz8rE=E+LL -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.