INFSA-2024:5390: bind9.16 security update

Information about definition

Identifier: INFSA-2024:5390

Type: security

Release date: 2024-08-27 10:06:08 UTC

Information about package

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Vulnerabilities description

  • CVE-2024-1737

    Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.

  • CVE-2024-1975

    If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.

  • CVE-2024-4076

    A flaw was found in the bind9 package, where a client query that triggers stale data and also requires local lookups may trigger an assertion failure. This issue results in a denial of service of the bind server.

Severity level

CVE                     Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
NIST — CVE-2024-1737    no information    7.5               no information
NIST — CVE-2024-1975    no information    7.5               no information
NIST — CVE-2024-4076    no information    7.5               no information

Updated packages