From $URL:

"
 - CVE-2023-4408: Parsing large DNS messages may cause excessive CPU load
   https://kb.isc.org/docs/cve-2023-4408
 - CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled
   https://kb.isc.org/docs/cve-2023-5517
 - CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution
   https://kb.isc.org/docs/cve-2023-5679
 - CVE-2023-6516: Specific recursive query patterns may lead to an out-of-memory condition
   https://kb.isc.org/docs/cve-2023-6516
 - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator
   https://kb.isc.org/docs/cve-2023-50387
 - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
   https://kb.isc.org/docs/cve-2023-50868
"

Bind 9.16.48 was released that includes fixes.
Note there are other older bind security bugs waiting for PRs to merge - https://bugs.gentoo.org/914365 (CVE-2023-3341) and https://bugs.gentoo.org/919679
Addressing this would also close those.
*** Bug 924511 has been marked as a duplicate of this bug. ***
*** Bug 919679 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf1630aa52f634b69a08ffd7e18fb07d57d92f0e

commit cf1630aa52f634b69a08ffd7e18fb07d57d92f0e
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2024-02-14 00:44:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-18 10:48:21 +0000

    net-dns/bind-tools: add 9.16.48

    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/924447
    Bug: https://bugs.gentoo.org/914365
    Bug: https://bugs.gentoo.org/919679
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/bind-tools/Manifest                  |   1 +
 net-dns/bind-tools/bind-tools-9.16.48.ebuild | 167 +++++++++++++++++++++++++++
 2 files changed, 168 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a319063509bd1c35f3cc25cbe21ea5d1be7e2fa

commit 3a319063509bd1c35f3cc25cbe21ea5d1be7e2fa
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2024-02-14 00:43:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-18 10:48:21 +0000

    net-dns/bind: add 9.16.48

    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/924447
    Bug: https://bugs.gentoo.org/914365
    Bug: https://bugs.gentoo.org/919679
    Closes: https://bugs.gentoo.org/923781
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/bind/Manifest             |   1 +
 net-dns/bind/bind-9.16.48.ebuild  | 389 ++++++++++++++++++++++++++++++++++++++
 net-dns/bind/files/named.cache-r4 |  92 +++++++++
 3 files changed, 482 insertions(+)
commit 642f553d9178029209ad83c03a6ae66d426fe657
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Date:   Thu Mar 21 13:01:08 2024 +0100

    net-dns/bind: drop 9.16.42

    Closes: https://bugs.gentoo.org/914152
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/35852
    Signed-off-by: Sam James <sam@gentoo.org>

commit 3c20b96db1dfeeba7a428980429c080c574954ec
Author: Sam James <sam@gentoo.org>
Date:   Tue Apr 30 07:35:51 2024 +0100

    net-dns/bind-tools: drop 9.16.42

    Signed-off-by: Sam James <sam@gentoo.org>