Remotely Exploitable BIND DoS Bugs Fixed
Several remotely exploitable security issues were found in the BIND Internet Domain Name Server. It was discovered that BIND incorrectly handled the cache size limit (CVE-2023-2828) and the recursive-clients quota (CVE-2023-2911). With a low attack complexity and a high availability impact, these bugs have received a National Vulnerability Database severity rating of “High”.
A remote attacker could possibly use these issues to consume memory or to cause BIND to crash, resulting in a denial of service (DoS).
An important BIND security update that fixes these DoS bugs has been released. We strongly recommend that all impacted users apply the BIND updates issued by their distro(s) now to prevent downtime due to an attack.
To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).