Summary: | <net-dns/bind-9.16.37: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | chutzpah, hydrapolic |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.isc.org/pipermail/bind-announce/2023-January/001228.html | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 894486 | ||
Bug Blocks: |
Description
John Helmert III
![]() ![]() ![]() ![]() "On 25 January 2023 we (Internet Systems Consortium) disclosed three vulnerabilities affecting our BIND 9 software: - CVE-2022-3094: An UPDATE message flood may cause named to exhaust all available memory https://kb.isc.org/docs/cve-2022-3094 - CVE-2022-3736: named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries https://kb.isc.org/docs/cve-2022-3736 - CVE-2022-3924: named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota https://kb.isc.org/docs/cve-2022-3924" Fixes in 9.16.37. Please bump. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09f39d25aef1b24fc65a59f6d8386d9291fe6421 commit 09f39d25aef1b24fc65a59f6d8386d9291fe6421 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-28 07:58:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-28 08:08:33 +0000 net-dns/bind-tools: add 9.16.37 Bug: https://bugs.gentoo.org/891329 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind-tools/Manifest | 1 + net-dns/bind-tools/bind-tools-9.16.37.ebuild | 157 +++++++++++++++++++++++++++ 2 files changed, 158 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c3337706084b9c42a6387ce771a259357f9ec5e commit 4c3337706084b9c42a6387ce771a259357f9ec5e Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-28 07:53:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-28 08:08:32 +0000 net-dns/bind: add 9.16.37 Bug: https://bugs.gentoo.org/891329 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind/Manifest | 1 + net-dns/bind/bind-9.16.37.ebuild | 382 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 383 insertions(+) Please cleanup |