Security update for bind SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0389-1 Final 1 1 2025-02-10T07:33:38Z current 2025-02-10T07:33:38Z 2025-02-10T07:33:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bind This update for bind fixes the following issues: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-EC2-BYOS-2025-389,Image SLES12-SP5-EC2-On-Demand-2025-389,Image SLES12-SP5-EC2-SAP-BYOS-2025-389,Image SLES12-SP5-EC2-SAP-On-Demand-2025-389,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2025-389,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2025-389,SUSE-2025-389,SUSE-SLE-SERVER-12-SP5-LTSS-2025-389,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-389 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250389-1/ Link for SUSE-SU-2025:0389-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020297.html E-Mail link for SUSE-SU-2025:0389-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236596 SUSE Bug 1236596 https://www.suse.com/security/cve/CVE-2024-11187/ SUSE CVE CVE-2024-11187 page Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 bind-utils-9.11.22-3.60.2 libbind9-161-9.11.22-3.60.2 libdns1110-9.11.22-3.60.2 libirs161-9.11.22-3.60.2 libisc1107-9.11.22-3.60.2 libisccc161-9.11.22-3.60.2 libisccfg163-9.11.22-3.60.2 liblwres161-9.11.22-3.60.2 python-bind-9.11.22-3.60.2 bind-9.11.22-3.60.2 bind-chrootenv-9.11.22-3.60.2 bind-devel-9.11.22-3.60.2 bind-devel-32bit-9.11.22-3.60.2 bind-devel-64bit-9.11.22-3.60.2 bind-doc-9.11.22-3.60.2 bind-lwresd-9.11.22-3.60.2 libbind9-161-32bit-9.11.22-3.60.2 libbind9-161-64bit-9.11.22-3.60.2 libdns1110-32bit-9.11.22-3.60.2 libdns1110-64bit-9.11.22-3.60.2 libirs-devel-9.11.22-3.60.2 libirs161-32bit-9.11.22-3.60.2 libirs161-64bit-9.11.22-3.60.2 libisc1107-32bit-9.11.22-3.60.2 libisc1107-64bit-9.11.22-3.60.2 libisccc161-32bit-9.11.22-3.60.2 libisccc161-64bit-9.11.22-3.60.2 libisccfg163-32bit-9.11.22-3.60.2 libisccfg163-64bit-9.11.22-3.60.2 liblwres161-32bit-9.11.22-3.60.2 liblwres161-64bit-9.11.22-3.60.2 bind-utils-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS libbind9-161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS libdns1110-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS libirs161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS libisc1107-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS libisccc161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS libisccfg163-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS liblwres161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS python-bind-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-BYOS bind-utils-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand libbind9-161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand libdns1110-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand libirs161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand libisc1107-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand libisccc161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand libisccfg163-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand liblwres161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand python-bind-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-On-Demand bind-utils-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS libbind9-161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS libdns1110-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS libirs161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS libisc1107-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS libisccc161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS libisccfg163-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS liblwres161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS python-bind-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-BYOS bind-utils-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libbind9-161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libdns1110-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libirs161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libisc1107-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libisccc161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libisccfg163-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand liblwres161-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python-bind-9.11.22-3.60.2 as a component of Image SLES12-SP5-EC2-SAP-On-Demand bind-utils-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libbind9-161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libdns1110-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libirs161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libisc1107-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libisccc161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libisccfg163-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production liblwres161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production python-bind-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production bind-utils-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libbind9-161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libdns1110-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libirs161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libisc1107-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libisccc161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libisccfg163-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production liblwres161-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production python-bind-9.11.22-3.60.2 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production bind-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS bind-chrootenv-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS bind-devel-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS bind-doc-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS bind-utils-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libbind9-161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libdns1110-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libirs161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libisc1107-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libisc1107-32bit-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libisccc161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libisccfg163-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS liblwres161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python-bind-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS bind-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 bind-chrootenv-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 bind-devel-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 bind-doc-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 bind-utils-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libbind9-161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libdns1110-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libirs161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libisc1107-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libisc1107-32bit-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libisccc161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libisccfg163-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 liblwres161-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python-bind-9.11.22-3.60.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1. CVE-2024-11187 Image SLES12-SP5-EC2-BYOS:bind-utils-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:libbind9-161-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:libdns1110-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:libirs161-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:libisc1107-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:libisccc161-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:libisccfg163-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:liblwres161-9.11.22-3.60.2 Image SLES12-SP5-EC2-BYOS:python-bind-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:bind-utils-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:libbind9-161-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:libdns1110-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:libirs161-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:libisc1107-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:libisccc161-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:libisccfg163-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:liblwres161-9.11.22-3.60.2 Image SLES12-SP5-EC2-On-Demand:python-bind-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:bind-utils-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:libbind9-161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:libdns1110-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:libirs161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:libisc1107-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:libisccc161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:libisccfg163-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:liblwres161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-BYOS:python-bind-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:bind-utils-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:libbind9-161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:libdns1110-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:libirs161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:libisc1107-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:libisccc161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:libisccfg163-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:liblwres161-9.11.22-3.60.2 Image SLES12-SP5-EC2-SAP-On-Demand:python-bind-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:bind-utils-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libbind9-161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libdns1110-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libirs161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libisc1107-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libisccc161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libisccfg163-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:liblwres161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-bind-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:bind-utils-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libbind9-161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libdns1110-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libirs161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libisc1107-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libisccc161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libisccfg163-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:liblwres161-9.11.22-3.60.2 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-bind-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:bind-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:bind-chrootenv-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:bind-devel-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:bind-doc-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:bind-utils-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libbind9-161-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libdns1110-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libirs161-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libisc1107-32bit-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libisc1107-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libisccc161-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:libisccfg163-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:liblwres161-9.11.22-3.60.2 SUSE Linux Enterprise Server 12 SP5-LTSS:python-bind-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bind-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bind-chrootenv-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bind-devel-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bind-doc-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bind-utils-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libbind9-161-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libdns1110-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libirs161-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libisc1107-32bit-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libisc1107-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libisccc161-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libisccfg163-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:liblwres161-9.11.22-3.60.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-bind-9.11.22-3.60.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250389-1/ https://www.suse.com/security/cve/CVE-2024-11187.html CVE-2024-11187 https://bugzilla.suse.com/1236596 SUSE Bug 1236596