bind9.16-9.16.23-0.22.el8_10

エラータID: AXSA:2024-8665:02

Release date: 
Thursday, August 15, 2024 - 16:05
Subject: 
bind9.16-9.16.23-0.22.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam (CVE-2024-1737)
* bind9: bind: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)
* bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Solution: 

Update packages.

CVEs: 
CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind9.16-9.16.23-0.22.el8_10.src.rpm
    MD5: f1a09f563832ac3017c529ef55e8cf65
    SHA-256: 24923d4af4c542d7800afce5da189af8c203eea6bcb8bafd0d0a8e47e0362109
    Size: 5.15 MB

Asianux Server 8 for x86_64
  1. bind9.16-9.16.23-0.22.el8_10.x86_64.rpm
    MD5: 6a985b0b73080c27be92374e3bf7ab25
    SHA-256: 5b6a264167c66cc184279a35e6efda28f513c431f061f6f7254aa5ee1f5541ba
    Size: 604.23 kB
  2. bind9.16-chroot-9.16.23-0.22.el8_10.x86_64.rpm
    MD5: be597024a05375c096f62d1e44c0b253
    SHA-256: d3cf746f905488e46aacb9da5e8b2f23885594d0b96783a31d0ca35e66df98cd
    Size: 111.96 kB
  3. bind9.16-devel-9.16.23-0.22.el8_10.i686.rpm
    MD5: cae71d98985a5fafa2d692a5f3166bb0
    SHA-256: 5143ec356ec9eaf47a0d4e861186f53a491f4263d1b744cec69b165e4a68f605
    Size: 427.91 kB
  4. bind9.16-devel-9.16.23-0.22.el8_10.x86_64.rpm
    MD5: f5195a9f74379bb8604ea18cbc1cfcfe
    SHA-256: 8bb0a78dfcc69c9cf033f2dbd9dafce8107c93315f4f82bfc8c0c6e67107221c
    Size: 427.88 kB
  5. bind9.16-dnssec-utils-9.16.23-0.22.el8_10.x86_64.rpm
    MD5: 570471a6d7cdcfc69a558a05d4d14bc5
    SHA-256: 083d62d08df725356f7f811829732d9d524360a24ab4aecc6076ee6f49a8dbe9
    Size: 245.21 kB
  6. bind9.16-doc-9.16.23-0.22.el8_10.noarch.rpm
    MD5: f32c12d3fa2589bddbb2036fbbbe63f2
    SHA-256: bcf2acddefc64a47bfc0fb2e22448508e1ef655fd023e6dbe069d519ae4260b5
    Size: 3.67 MB
  7. bind9.16-libs-9.16.23-0.22.el8_10.i686.rpm
    MD5: 8ffd03272cf68c2d137a943f889af407
    SHA-256: e1e3ee191818c55eed594972999cc5b9ddfba235345df14d15506bfe33b7b621
    Size: 1.46 MB
  8. bind9.16-libs-9.16.23-0.22.el8_10.x86_64.rpm
    MD5: e304e7667a390bc8229ef421a4335305
    SHA-256: d4c6f73b696940f5c1aae0204c3c045e0db2609b4c3d811ecaddb71cb4e299ee
    Size: 1.36 MB
  9. bind9.16-license-9.16.23-0.22.el8_10.noarch.rpm
    MD5: 78e825f878620df6870b986e5912987c
    SHA-256: 47768b9470b0520308bba4b22d1b315d04f58200b858e042e86daa946683a44c
    Size: 108.20 kB
  10. bind9.16-utils-9.16.23-0.22.el8_10.x86_64.rpm
    MD5: feb8c14cffd6626bbbb833efdd152ead
    SHA-256: 1be545c9d2758ae3d484a6f193e4b445c237f136db561d48f5e8fc4942a7920f
    Size: 290.27 kB
  11. python3-bind9.16-9.16.23-0.22.el8_10.noarch.rpm
    MD5: 157ebdfddf8f898eeb12845219704e11
    SHA-256: 5af27b7513b5742080976c6a3591e51731901d932dfe105991e7d206cbbd37a2
    Size: 156.49 kB