{"affected":[{"ecosystem_specific":{"binaries":[{"bind":"9.16.50-150400.5.43.1","bind-doc":"9.16.50-150400.5.43.1","bind-utils":"9.16.50-150400.5.43.1","python3-bind":"9.16.50-150400.5.43.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.50-150400.5.43.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.50-150400.5.43.1","bind-doc":"9.16.50-150400.5.43.1","bind-utils":"9.16.50-150400.5.43.1","python3-bind":"9.16.50-150400.5.43.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.50-150400.5.43.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.50-150400.5.43.1","bind-doc":"9.16.50-150400.5.43.1","bind-utils":"9.16.50-150400.5.43.1","python3-bind":"9.16.50-150400.5.43.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.50-150400.5.43.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.50-150400.5.43.1","bind-doc":"9.16.50-150400.5.43.1","bind-utils":"9.16.50-150400.5.43.1","python3-bind":"9.16.50-150400.5.43.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.50-150400.5.43.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.50-150400.5.43.1","bind-doc":"9.16.50-150400.5.43.1","bind-utils":"9.16.50-150400.5.43.1","python3-bind":"9.16.50-150400.5.43.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.3","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.50-150400.5.43.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.16.50-150400.5.43.1","bind-doc":"9.16.50-150400.5.43.1","bind-utils":"9.16.50-150400.5.43.1","python3-bind":"9.16.50-150400.5.43.1"}]},"package":{"ecosystem":"SUSE:Manager Server 4.3","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.16.50-150400.5.43.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for bind fixes the following issues:\n\nUpdate to 9.16.50:\n\n- Bug Fixes:\n  * A regression in cache-cleaning code enabled memory use to grow\n    significantly more quickly than before, until the configured\n    max-cache-size limit was reached. This has been fixed.\n  * Using rndc flush inadvertently caused cache cleaning to become\n    less effective. This could ultimately lead to the configured\n    max-cache-size limit being exceeded and has now been fixed.\n  * The logic for cleaning up expired cached DNS records was\n    tweaked to be more aggressive. This change helps with enforcing\n    max-cache-ttl and max-ncache-ttl in a timely manner.\n  * It was possible to trigger a use-after-free assertion when the\n    overmem cache cleaning was initiated. This has been fixed.\n  New Features:\n  * Added RESOLVER.ARPA to the built in empty zones.\n- Security Fixes:\n  * It is possible to craft excessively large numbers of resource\n    record types for a given owner name, which has the effect of\n    slowing down database processing. This has been addressed by\n    adding a configurable limit to the number of records that can\n    be stored per name and type in a cache or zone database. The\n    default is 100, which can be tuned with the new\n    max-types-per-name option. (CVE-2024-1737, bsc#1228256)\n  * Validating DNS messages signed using the SIG(0) protocol (RFC\n    2931) could cause excessive CPU load, leading to a\n    denial-of-service condition. Support for SIG(0) message\n    validation was removed from this version of named.\n    (CVE-2024-1975, bsc#1228257)\n  * When looking up the NS records of parent zones as part of\n    looking up DS records, it was possible for named to trigger an\n    assertion failure if serve-stale was enabled. This has been\n    fixed. (CVE-2024-4076, bsc#1228258)\n","id":"SUSE-SU-2024:2863-1","modified":"2024-08-09T07:21:18Z","published":"2024-08-09T07:21:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242863-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228256"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228257"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228258"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-1737"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-1975"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-4076"}],"related":["CVE-2024-1737","CVE-2024-1975","CVE-2024-4076"],"summary":"Security update for bind","upstream":["CVE-2024-1737","CVE-2024-1975","CVE-2024-4076"]}