INFSA-2024:3271: bind and dhcp security update
Information about definition
Identificator: INFSA-2024:3271
Type: security
Release date: 2024-08-23 19:27:42 UTC
Information about package
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Vulnerabilities description
- CVE-2023-4408
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service.
- CVE-2023-50387
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled.
- CVE-2023-50868
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSEC validation is enabled. Bug Fix: * dhcp rebuilt after API change of bind-export-libs.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-4408
|
no information | 7.5 | no information |
|
NIST — CVE-2023-50387
|
no information | 7.5 | no information |
|
NIST — CVE-2023-50868
|
no information | 7.5 | no information |
Updated packages