bind-9.20.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15781 Final 1 1 2025-01-31T00:00:00Z current 2025-01-31T00:00:00Z 2025-01-31T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bind-9.20.5-1.1 on GA media These are all security issues fixed in the bind-9.20.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15781 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-11187/ SUSE CVE CVE-2024-11187 page https://www.suse.com/security/cve/CVE-2024-12705/ SUSE CVE CVE-2024-12705 page openSUSE Tumbleweed bind-9.20.5-1.1 bind-doc-9.20.5-1.1 bind-modules-bdbhpt-9.20.5-1.1 bind-modules-generic-9.20.5-1.1 bind-modules-ldap-9.20.5-1.1 bind-modules-mysql-9.20.5-1.1 bind-modules-perl-9.20.5-1.1 bind-modules-sqlite3-9.20.5-1.1 bind-utils-9.20.5-1.1 bind-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-doc-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-modules-bdbhpt-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-modules-generic-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-modules-ldap-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-modules-mysql-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-modules-perl-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-modules-sqlite3-9.20.5-1.1 as a component of openSUSE Tumbleweed bind-utils-9.20.5-1.1 as a component of openSUSE Tumbleweed It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1. CVE-2024-11187 openSUSE Tumbleweed:bind-9.20.5-1.1 openSUSE Tumbleweed:bind-doc-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-generic-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-ldap-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-mysql-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-perl-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-sqlite3-9.20.5-1.1 openSUSE Tumbleweed:bind-utils-9.20.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-11187.html CVE-2024-11187 https://bugzilla.suse.com/1236596 SUSE Bug 1236596 Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. CVE-2024-12705 openSUSE Tumbleweed:bind-9.20.5-1.1 openSUSE Tumbleweed:bind-doc-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-generic-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-ldap-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-mysql-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-perl-9.20.5-1.1 openSUSE Tumbleweed:bind-modules-sqlite3-9.20.5-1.1 openSUSE Tumbleweed:bind-utils-9.20.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-12705.html CVE-2024-12705 https://bugzilla.suse.com/1236597 SUSE Bug 1236597