bind-9.11.36-8.el8.2

エラータID: AXSA:2023-6475:09

Release date: 
Friday, October 6, 2023 - 12:59
Subject: 
bind-9.11.36-8.el8.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-3341
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

Solution: 

Update packages.

CVEs: 
CVE-2023-3341
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind-9.11.36-8.el8.2.src.rpm
    MD5: 1a1cb43f03fdff71f239f5ac3de8638d
    SHA-256: 3b5cde06d0bfa1a95899dbc86e0656ae302ae4c2f71a01d0fe912aec1cccaec2
    Size: 8.15 MB

Asianux Server 8 for x86_64
  1. bind-9.11.36-8.el8.2.x86_64.rpm
    MD5: 18bd96f56b0b3bf561482af1f5563a4d
    SHA-256: f2337ba1c76bc7caf9fd1c686e69a0248efdedc1f21643549ab895bb344fe938
    Size: 2.13 MB
  2. bind-chroot-9.11.36-8.el8.2.x86_64.rpm
    MD5: ce0453cd6cb1fb6414624111848f01b5
    SHA-256: 5705e7dd3dd7c018c81f7867b8bea04d803c5ea1f88bc3437fb16891afc56baa
    Size: 105.09 kB
  3. bind-devel-9.11.36-8.el8.2.i686.rpm
    MD5: c807b7cb6dc20c71ba260afee1313ea5
    SHA-256: 6d06f25e511c84a8eed814c620255cb88ce52f5059909d86d04a09539e269054
    Size: 177.62 kB
  4. bind-devel-9.11.36-8.el8.2.x86_64.rpm
    MD5: 63faad1a33963f63afa2c7be66322bec
    SHA-256: 318f4439f59ad51b3fef49e90ecb0e834697a32b4b6f52505415d83703cc8127
    Size: 177.62 kB
  5. bind-export-devel-9.11.36-8.el8.2.i686.rpm
    MD5: 8d077a9ba57a6205d6d6de697afe25fb
    SHA-256: 448a98d1058a25afb783d3357636b2ad2de9a9e7397d079e943cd9b2e57c4568
    Size: 406.89 kB
  6. bind-export-devel-9.11.36-8.el8.2.x86_64.rpm
    MD5: d66d88ee5c05d574e102918238b2bd24
    SHA-256: bf1f7bc59fafc712dc68e770dde869584b218860cf00da0378ec1a1556e933ee
    Size: 406.86 kB
  7. bind-export-libs-9.11.36-8.el8.2.i686.rpm
    MD5: 59b84f3d6ca9accb3e6b1861795a51a1
    SHA-256: 1c5c6cb1e3c6cf69bd399863d3a02f561a7f16409278f1839c7f7d3b25fecb6a
    Size: 1.21 MB
  8. bind-export-libs-9.11.36-8.el8.2.x86_64.rpm
    MD5: 04d06eb6bdff85af100c3755fdafd494
    SHA-256: e79582aaaa76175464248996ea7f1f472ab57050ce5829b88a147cf526f73b8f
    Size: 1.14 MB
  9. bind-libs-9.11.36-8.el8.2.i686.rpm
    MD5: 72b44d5be7669076a93403ca86fb0a56
    SHA-256: c9923e6c79a3edc52a7fb77cf566f47b3a3f74dad9633600cfa2fd5ea672c9d2
    Size: 180.14 kB
  10. bind-libs-9.11.36-8.el8.2.x86_64.rpm
    MD5: fd1df17e6c7e007bd6bd1f4511699290
    SHA-256: 4027272cab977a33ae4d27692ce1ca9ae4eb9467322bc6e614ed696c9562c0ec
    Size: 174.64 kB
  11. bind-libs-lite-9.11.36-8.el8.2.i686.rpm
    MD5: 019469e578630df1aef15c4b5c72d3a7
    SHA-256: eb7419ed9e02794a93dc83c23af79fc0077b12f250c7fe5502c2dd31d1949112
    Size: 1.26 MB
  12. bind-libs-lite-9.11.36-8.el8.2.x86_64.rpm
    MD5: da0ac288e85ec2dca79608c75fe90d70
    SHA-256: ffddbb419c05031049e93f7e8b30519bd473708a4ade001a2b9c529e1f4cec6e
    Size: 1.18 MB
  13. bind-license-9.11.36-8.el8.2.noarch.rpm
    MD5: f7797d7b29849fe90db50e128e387078
    SHA-256: b95f0184b0d70dc0943ac333b98c1332fda4223acb20862cbea28feddcacbbd7
    Size: 102.98 kB
  14. bind-lite-devel-9.11.36-8.el8.2.i686.rpm
    MD5: 46b5c1420f2cf9d8dd26f8ff8f90e814
    SHA-256: 8102a12ab47c437a8bb67093396f8c7aae0abb68fe30daa6710d4e012f2fb339
    Size: 400.11 kB
  15. bind-lite-devel-9.11.36-8.el8.2.x86_64.rpm
    MD5: 3a6aab01400287c41e10913cb3b96745
    SHA-256: 59c7b72ea454c92abd610a36ef4caaca6f9df1764bd9893bed8a3b0e50cd0fe8
    Size: 400.11 kB
  16. bind-pkcs11-9.11.36-8.el8.2.x86_64.rpm
    MD5: 686e49b0a2a5cb91eda94bb39f805231
    SHA-256: e35cbb74bd819d8d483c3ed633432ab0361fb75d9c9475617d06d6e95966b27a
    Size: 398.11 kB
  17. bind-pkcs11-devel-9.11.36-8.el8.2.i686.rpm
    MD5: 24fd50716a2d9d2bca9c2039f0072c76
    SHA-256: f305f14060b4397be76b9dee7b41a2bd1254a62078cb211a16a66ce0332901aa
    Size: 115.19 kB
  18. bind-pkcs11-devel-9.11.36-8.el8.2.x86_64.rpm
    MD5: ac9a1628e5c8ea851adc6e29112c20eb
    SHA-256: ba4b26fb5086c661347d9722e7a732309610212c68f2a47f289cfaea8c7c004e
    Size: 115.18 kB
  19. bind-pkcs11-libs-9.11.36-8.el8.2.i686.rpm
    MD5: 3306014121e54e2063a4756dce0d0409
    SHA-256: 764a867647964abe133ff4d8264a6d6e3a78faee84ae5f1f3cf74a08466be336
    Size: 1.21 MB
  20. bind-pkcs11-libs-9.11.36-8.el8.2.x86_64.rpm
    MD5: eb1c0cdba0618ca51b55355f03784395
    SHA-256: 8917173cc28825b89470978dcf4f91246c5bb63fa64c062799095f2744422f32
    Size: 1.13 MB
  21. bind-pkcs11-utils-9.11.36-8.el8.2.x86_64.rpm
    MD5: 3d162d919e630a21662d955d4c0106b4
    SHA-256: 650559f0ccb8490eb77d12b3240e4116ea1fb814e0df79af24c3de552dc64f09
    Size: 260.21 kB
  22. bind-sdb-9.11.36-8.el8.2.x86_64.rpm
    MD5: 0682e6bb1cf97f946c16ad96ba004117
    SHA-256: d6ed8c519ff064ac2b0bdce07a3a19ef77c4dbccaa032d3191b8134f852db693
    Size: 457.85 kB
  23. bind-sdb-chroot-9.11.36-8.el8.2.x86_64.rpm
    MD5: a0cbf0de1695512535f50b8f2635d9d3
    SHA-256: 1173eece51cc3d1c0630efe5895594f4ce19bbce49f4f49a3d0c353fed3338d3
    Size: 104.73 kB
  24. bind-utils-9.11.36-8.el8.2.x86_64.rpm
    MD5: ca782779d0e420cb012955e3b28ad37c
    SHA-256: 7413306a3fd1a9b6c0efa8f4fc11eabe421d888fb36d44b7992f16cbebf03270
    Size: 451.81 kB
  25. python3-bind-9.11.36-8.el8.2.noarch.rpm
    MD5: b20f7241c5f391fbfa02657813efefb4
    SHA-256: efdfbf6428cb0d90bf9c752623d2fe8a20e414d113a7470eec8dc9e2a9e9d482
    Size: 150.24 kB