"As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the January 2023 BIND 9 maintenance releases that will be published on Wednesday, 25 January will contain patches for security vulnerabilities affecting stable BIND 9 release branches."
"On 25 January 2023 we (Internet Systems Consortium) disclosed three vulnerabilities affecting our BIND 9 software: - CVE-2022-3094: An UPDATE message flood may cause named to exhaust all available memory https://kb.isc.org/docs/cve-2022-3094 - CVE-2022-3736: named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries https://kb.isc.org/docs/cve-2022-3736 - CVE-2022-3924: named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota https://kb.isc.org/docs/cve-2022-3924" Fixes in 9.16.37. Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09f39d25aef1b24fc65a59f6d8386d9291fe6421 commit 09f39d25aef1b24fc65a59f6d8386d9291fe6421 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-28 07:58:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-28 08:08:33 +0000 net-dns/bind-tools: add 9.16.37 Bug: https://bugs.gentoo.org/891329 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind-tools/Manifest | 1 + net-dns/bind-tools/bind-tools-9.16.37.ebuild | 157 +++++++++++++++++++++++++++ 2 files changed, 158 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c3337706084b9c42a6387ce771a259357f9ec5e commit 4c3337706084b9c42a6387ce771a259357f9ec5e Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-28 07:53:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-28 08:08:32 +0000 net-dns/bind: add 9.16.37 Bug: https://bugs.gentoo.org/891329 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind/Manifest | 1 + net-dns/bind/bind-9.16.37.ebuild | 382 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 383 insertions(+)
Please cleanup
