bind-9.18.19-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13249 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bind-9.18.19-1.1 on GA media These are all security issues fixed in the bind-9.18.19-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13249 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13249 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-3341/ SUSE CVE CVE-2023-3341 page https://www.suse.com/security/cve/CVE-2023-4236/ SUSE CVE CVE-2023-4236 page openSUSE Tumbleweed bind-9.18.19-1.1 bind-doc-9.18.19-1.1 bind-modules-bdbhpt-9.18.19-1.1 bind-modules-generic-9.18.19-1.1 bind-modules-ldap-9.18.19-1.1 bind-modules-mysql-9.18.19-1.1 bind-modules-perl-9.18.19-1.1 bind-modules-sqlite3-9.18.19-1.1 bind-utils-9.18.19-1.1 bind-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-doc-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-modules-bdbhpt-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-modules-generic-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-modules-ldap-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-modules-mysql-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-modules-perl-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-modules-sqlite3-9.18.19-1.1 as a component of openSUSE Tumbleweed bind-utils-9.18.19-1.1 as a component of openSUSE Tumbleweed The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. CVE-2023-3341 openSUSE Tumbleweed:bind-9.18.19-1.1 openSUSE Tumbleweed:bind-doc-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-bdbhpt-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-generic-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-ldap-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-mysql-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-perl-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-sqlite3-9.18.19-1.1 openSUSE Tumbleweed:bind-utils-9.18.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-3341.html CVE-2023-3341 https://bugzilla.suse.com/1215472 SUSE Bug 1215472 https://bugzilla.suse.com/1216764 SUSE Bug 1216764 https://bugzilla.suse.com/1217453 SUSE Bug 1217453 https://bugzilla.suse.com/1217551 SUSE Bug 1217551 https://bugzilla.suse.com/1217600 SUSE Bug 1217600 https://bugzilla.suse.com/1221586 SUSE Bug 1221586 https://bugzilla.suse.com/1223092 SUSE Bug 1223092 A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. CVE-2023-4236 openSUSE Tumbleweed:bind-9.18.19-1.1 openSUSE Tumbleweed:bind-doc-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-bdbhpt-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-generic-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-ldap-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-mysql-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-perl-9.18.19-1.1 openSUSE Tumbleweed:bind-modules-sqlite3-9.18.19-1.1 openSUSE Tumbleweed:bind-utils-9.18.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4236.html CVE-2023-4236 https://bugzilla.suse.com/1215471 SUSE Bug 1215471