ALSA-2024:1781

[ALSA-2024:1781] Important: bind9.16 security update

Type:

security

Severity:

important

Release date:

2024-04-12

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)
* bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517)
* bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)
* bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)
* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	bind9.16-chroot-9.16.23-0.16.el8_9.2.alma.1.aarch64.rpm	0bec47db2c6dd03cda4ea5cce1be1ae2152a17b2a56c545cc4a16f28ba1039dc
aarch64	bind9.16-devel-9.16.23-0.16.el8_9.2.alma.1.aarch64.rpm	201414030854ad82a3b65eb89dcf7499dc6b50d6f59cd3c15bd2ed97aeab9ec8
aarch64	bind9.16-libs-9.16.23-0.16.el8_9.2.alma.1.aarch64.rpm	8e5f65486b12ff3e0a639809f91ad1ce7bd3e79fbd0a7911fb1b68e8d1076553
aarch64	bind9.16-9.16.23-0.16.el8_9.2.alma.1.aarch64.rpm	af25dc456ad8ac34366ba9a70000bdce50724691496c3b876953cb4eb976d9d7
aarch64	bind9.16-utils-9.16.23-0.16.el8_9.2.alma.1.aarch64.rpm	cc228da8d4809f36760c62cb8522ff0842c511e9f6ba828aceea40584fe05644
aarch64	bind9.16-dnssec-utils-9.16.23-0.16.el8_9.2.alma.1.aarch64.rpm	ec7187a5c6c01e9422d3d8593d226cbc2e873c0863e37e201bda488b6a04f9ec
i686	bind9.16-libs-9.16.23-0.16.el8_9.2.alma.1.i686.rpm	16c05c4597d31b1caaaf4943ed3bf78e257873bb8ea70c26e4d4bcbea7a3f384
i686	bind9.16-devel-9.16.23-0.16.el8_9.2.alma.1.i686.rpm	87a90684d74c65ea92a168bb3477509420734706833343d886fb5d42fc0f51e1
noarch	bind9.16-doc-9.16.23-0.16.el8_9.2.alma.1.noarch.rpm	4e921c16c9bc370a4cd96b878ead640cf36106e8a3d902ffcef8e7619a6e4f64
noarch	python3-bind9.16-9.16.23-0.16.el8_9.2.alma.1.noarch.rpm	9aa0b5ce2ad36cee36344a56133c6e27f97c17ea6a46cd6cfeac1bc0c87e24e4
noarch	bind9.16-license-9.16.23-0.16.el8_9.2.alma.1.noarch.rpm	a34d59c58904efcbf354db2e2ce517002b59ef992ba4c3342aeba2b511ab3367
ppc64le	bind9.16-chroot-9.16.23-0.16.el8_9.2.alma.1.ppc64le.rpm	023a8980c0a793116772078bbb13356c136d5f6e24e2e776600a963018f0853a
ppc64le	bind9.16-dnssec-utils-9.16.23-0.16.el8_9.2.alma.1.ppc64le.rpm	2937278d28902182e4af7d3b399f5e564c813cd7ad0f26ed0664a2f6fbc39be1
ppc64le	bind9.16-devel-9.16.23-0.16.el8_9.2.alma.1.ppc64le.rpm	6a8c3e13b37a2cb5022788a102c452028310ac7b890fd054c45ea8d00643e0a0
ppc64le	bind9.16-9.16.23-0.16.el8_9.2.alma.1.ppc64le.rpm	d257ca20a19934068030f8a76101bf81e9fc065d531ef8b86dd976cd447c4a28
ppc64le	bind9.16-utils-9.16.23-0.16.el8_9.2.alma.1.ppc64le.rpm	e40fea5a6e06d834dd6986814ff1c20b977dc87490fdf469315df27a80c23b32
ppc64le	bind9.16-libs-9.16.23-0.16.el8_9.2.alma.1.ppc64le.rpm	e417b7f7713b0375b1b388770ead514967c6f1566cd8867b3ce24c543669d23a
s390x	bind9.16-9.16.23-0.16.el8_9.2.alma.1.s390x.rpm	2706ae492ffe1cce626f816cbfcdffe6823a3fbed377cf668ea284d8e654f6fa
s390x	bind9.16-dnssec-utils-9.16.23-0.16.el8_9.2.alma.1.s390x.rpm	3ae7cba7075fa3c1f18f523eb34add46779c79ef621b39b660cc759328de30d8
s390x	bind9.16-libs-9.16.23-0.16.el8_9.2.alma.1.s390x.rpm	6300f4d6034bdb3af91ca350eaa1718bb4c6260fc0e7099406524ff9c159668e
s390x	bind9.16-utils-9.16.23-0.16.el8_9.2.alma.1.s390x.rpm	6c5d6b27ce8411445e020ee8194bb608835a5652388444a925505f97ac078bfe
s390x	bind9.16-chroot-9.16.23-0.16.el8_9.2.alma.1.s390x.rpm	93362426709d0fb09b1d0be40049db98d42791b2535ca33eb3d8e2a18688b63a
s390x	bind9.16-devel-9.16.23-0.16.el8_9.2.alma.1.s390x.rpm	f291a225db689d7e75d3c4263c57bdb5c0c911a73586af7d795db1129516a795
x86_64	bind9.16-utils-9.16.23-0.16.el8_9.2.alma.1.x86_64.rpm	2487312fcd73ca2100d56a032dd5eb86f9e32f25e920251cdf158275c08cffc0
x86_64	bind9.16-dnssec-utils-9.16.23-0.16.el8_9.2.alma.1.x86_64.rpm	534f1a70ba7a6af7ac631ec63a434af2a8d07b8dc2d3f78c62c96278480d17de
x86_64	bind9.16-libs-9.16.23-0.16.el8_9.2.alma.1.x86_64.rpm	79c865f38dac3aaf9163cfb13cbced9576af1acbe0f390c40caba4644402c72e
x86_64	bind9.16-9.16.23-0.16.el8_9.2.alma.1.x86_64.rpm	7fec04ee4eda2ab9ee7aa700847d90b8ab6d312d4f547b89cba7a6fac3e8d0b6
x86_64	bind9.16-chroot-9.16.23-0.16.el8_9.2.alma.1.x86_64.rpm	b158b7606f71f40da561e4566fcfd2dd18249beceb93493853b77529ceb8e8b4
x86_64	bind9.16-devel-9.16.23-0.16.el8_9.2.alma.1.x86_64.rpm	bb85f17dc5dfa06ae3e9046043f26dcc1178d8faea02ec08c57cb8f58669eb82

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.