Security update for bind SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0355-1 Final 1 1 2025-02-04T12:59:26Z current 2025-02-04T12:59:26Z 2025-02-04T12:59:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: Update to release 9.18.33 Security Fixes: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) - CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/manager/5.0/x86_64/server:latest-2025-355,Image SLES15-SP6-2025-355,Image SLES15-SP6-BYOS-2025-355,Image SLES15-SP6-BYOS-GCE-2025-355,Image SLES15-SP6-CHOST-BYOS-2025-355,Image SLES15-SP6-CHOST-BYOS-Azure-2025-355,Image SLES15-SP6-CHOST-BYOS-EC2-2025-355,Image SLES15-SP6-CHOST-BYOS-GCE-2025-355,Image SLES15-SP6-CHOST-BYOS-GDC-2025-355,Image SLES15-SP6-CHOST-BYOS-SAP-CCloud-2025-355,Image SLES15-SP6-GCE-2025-355,Image SLES15-SP6-Hardened-BYOS-2025-355,Image SLES15-SP6-Hardened-BYOS-GCE-2025-355,Image SLES15-SP6-SAP-BYOS-2025-355,Image SLES15-SP6-SAP-BYOS-EC2-2025-355,Image SLES15-SP6-SAP-BYOS-GCE-2025-355,SUSE-2025-355,SUSE-SLE-Module-Basesystem-15-SP6-2025-355,SUSE-SLE-Module-Server-Applications-15-SP6-2025-355,openSUSE-SLE-15.6-2025-355 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250355-1/ Link for SUSE-SU-2025:0355-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020283.html E-Mail link for SUSE-SU-2025:0355-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236596 SUSE Bug 1236596 https://bugzilla.suse.com/1236597 SUSE Bug 1236597 https://www.suse.com/security/cve/CVE-2024-11187/ SUSE CVE CVE-2024-11187 page https://www.suse.com/security/cve/CVE-2024-12705/ SUSE CVE CVE-2024-12705 page Container suse/manager/5.0/x86_64/server:latest Image SLES15-SP6 Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-BYOS-GCE SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP6 openSUSE Leap 15.6 bind-utils-9.18.33-150600.3.6.1 bind-9.18.33-150600.3.6.1 bind-doc-9.18.33-150600.3.6.1 bind-utils-9.18.33-150600.3.6.1 as a component of Container suse/manager/5.0/x86_64/server:latest bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6 bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-BYOS bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-BYOS-GCE bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-CHOST-BYOS bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-CHOST-BYOS-Azure bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-CHOST-BYOS-EC2 bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-CHOST-BYOS-GCE bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-CHOST-BYOS-GDC bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-CHOST-BYOS-SAP-CCloud bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-GCE bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-Hardened-BYOS bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-Hardened-BYOS-GCE bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-SAP-BYOS bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-SAP-BYOS-EC2 bind-utils-9.18.33-150600.3.6.1 as a component of Image SLES15-SP6-SAP-BYOS-GCE bind-utils-9.18.33-150600.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 bind-9.18.33-150600.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 bind-doc-9.18.33-150600.3.6.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 bind-9.18.33-150600.3.6.1 as a component of openSUSE Leap 15.6 bind-doc-9.18.33-150600.3.6.1 as a component of openSUSE Leap 15.6 bind-utils-9.18.33-150600.3.6.1 as a component of openSUSE Leap 15.6 It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1. CVE-2024-11187 Container suse/manager/5.0/x86_64/server:latest:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-Azure:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-EC2:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-GDC:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-SAP-CCloud:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-Hardened-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-Hardened-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-SAP-BYOS-EC2:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-SAP-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-SAP-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6:bind-utils-9.18.33-150600.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1 openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1 openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1 openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250355-1/ https://www.suse.com/security/cve/CVE-2024-11187.html CVE-2024-11187 https://bugzilla.suse.com/1236596 SUSE Bug 1236596 Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. CVE-2024-12705 Container suse/manager/5.0/x86_64/server:latest:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-Azure:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-EC2:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-GDC:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS-SAP-CCloud:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-CHOST-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-Hardened-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-Hardened-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-SAP-BYOS-EC2:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-SAP-BYOS-GCE:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6-SAP-BYOS:bind-utils-9.18.33-150600.3.6.1 Image SLES15-SP6:bind-utils-9.18.33-150600.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1 openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1 openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1 openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250355-1/ https://www.suse.com/security/cve/CVE-2024-12705.html CVE-2024-12705 https://bugzilla.suse.com/1236597 SUSE Bug 1236597