oss-sec mailing list archives
ISC has disclosed six vulnerabilities in BIND 9 (CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387, CVE-2023-50868)
From: Michał Kępień <michal () isc org>
Date: Tue, 13 Feb 2024 14:39:32 +0100
On 13 February 2024 we (Internet Systems Consortium) disclosed six vulnerabilities affecting our BIND 9 software: - CVE-2023-4408: Parsing large DNS messages may cause excessive CPU load https://kb.isc.org/docs/cve-2023-4408 - CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled https://kb.isc.org/docs/cve-2023-5517 - CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution https://kb.isc.org/docs/cve-2023-5679 - CVE-2023-6516: Specific recursive query patterns may lead to an out-of-memory condition https://kb.isc.org/docs/cve-2023-6516 - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator https://kb.isc.org/docs/cve-2023-50387 - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources https://kb.isc.org/docs/cve-2023-50868 New versions of BIND 9 are available from https://www.isc.org/downloads Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each published release directory: - https://downloads.isc.org/isc/bind9/9.16.48/patches/ - https://downloads.isc.org/isc/bind9/9.18.24/patches/ - https://downloads.isc.org/isc/bind9/9.19.21/patches/ With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released. -- Best regards, Michał Kępień
Current thread:
- ISC has disclosed six vulnerabilities in BIND 9 (CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387, CVE-2023-50868) Michał Kępień (Feb 13)