important: bind security update
important
An update for bind is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
bind:
Security Fix(es):
bind: A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.(CVE-2024-1737)
bind: A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.(CVE-2024-1975)
bind: A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.(CVE-2024-4076)
bind: A flaw was found in the Bind package. The networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. A named instance vulnerable to this flaw may terminate unexpectedly when subjected to significant DNS-over-TLS query load.(CVE-2023-4236)
bind: A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly.(CVE-2023-3341)
bind: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.