ELSA-2024-5231

ELSA-2024-5231 - bind and bind-dyndb-ldap security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-08-13

Description

bind
[9.16.23-18.0.1.6]
- Fix warning when changing device file permissions [Orabug: 36518580]

[32:9.16.23-18.6]
- Minor fix of reclimit test backport (CVE-2024-1737)

[32:9.16.23-18.5]
- Backport addition of max-records-per-type and max-records-per-type options

[32:9.16.23-18.2]
- Resolve CVE-2024-1975
- Resolve CVE-2024-1737
- Resolve CVE-2024-4076
- Add ability to change runtime limits for max types and records per name

[32:9.16.23-18.1]
- Rebuild with correct z-stream tag again

[32:9.16.23-18]
- Prevent crashing at masterformat system test (CVE-2023-6516)

[32:9.16.23-17]
- Import tests for large DNS messages fix
- Add downstream change complementing CVE-2023-50387

[32:9.16.23-16]
- Prevent increased CPU load on large DNS messages (CVE-2023-4408)
- Prevent assertion failure when nxdomain-redirect is used with
RFC 1918 reverse zones (CVE-2023-5517)
- Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679)
- Specific recursive query patterns may lead to an out-of-memory
condition (CVE-2023-6516)
- Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387
CVE-2023-50868)

[32:9.16.23-15]
- Update addresses of b.root-servers.net (RHEL-18188)

[32:9.16.23-14]
- Limit the amount of recursion possible in control channel (CVE-2023-3341)

[32:9.16.23-13]
- Prevent possible endless loop when refreshing stale data (CVE-2023-2911)

[32:9.16.23-12]
- Strengten cache cleaning to prevent overflowing configured limit
(CVE-2023-2828)

[32:9.16.23-11]
- Correct backport issue in statistics rendering fix (#2126912)

[32:9.16.23-10]
- Handle subtle difference between upstream and rhel (CVE-2022-3094)

[32:9.16.23-9]
- Prevent flooding with UPDATE requests (CVE-2022-3094)
- Handle RRSIG queries when server-stale is active (CVE-2022-3736)
- Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924)

[32:9.16.23-8]
- Correct regression preventing bind-dyndb-ldap build (#2162795)

[32:9.16.23-7]
- Prevent freeing zone during statistics rendering (#2101712)

[32:9.16.23-6]
- Bound the amount of work performed for delegations (CVE-2022-2795)
- Add /usr/lib64/named to bind-chroot (#2129466)

[32:9.16.23-5]
- Fix possible serve-stale related crash (CVE-2022-3080)
- Fix memory leak in ECDSA verify processing (CVE-2022-38177)
- Fix memory leak in EdDSA verify processing (CVE-2022-38178)

bind-dyndb-ldap
[11.9-10]
- Rebuilt for BIND CVE-2024-1737 fixes (CVE-2024-1737)

Related CVEs

CVE-2024-4076

CVE-2024-1737

CVE-2024-1975

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	bind-9.16.23-18.0.1.el9_4.6.src.rpm	b4ff186fcac955f3b49bd28f02fafd28	-	ol9_aarch64_appstream
	bind-9.16.23-18.0.1.el9_4.6.src.rpm	b4ff186fcac955f3b49bd28f02fafd28	-	ol9_aarch64_codeready_builder
	bind-dyndb-ldap-11.9-10.el9_4.src.rpm	298baff45f30a8948f2befbe2a2a8a78	-	ol9_aarch64_appstream
	bind-9.16.23-18.0.1.el9_4.6.aarch64.rpm	4758c95e1a19b4bbea1013afe86a7348	-	ol9_aarch64_appstream
	bind-chroot-9.16.23-18.0.1.el9_4.6.aarch64.rpm	741d856a17f098765e75688ab5ba13aa	-	ol9_aarch64_appstream
	bind-devel-9.16.23-18.0.1.el9_4.6.aarch64.rpm	68562bca165d436fa3b86bd94ef9b5f7	-	ol9_aarch64_codeready_builder
	bind-dnssec-doc-9.16.23-18.0.1.el9_4.6.noarch.rpm	edd347848dc1614d15b7907e16ca03ae	-	ol9_aarch64_appstream
	bind-dnssec-utils-9.16.23-18.0.1.el9_4.6.aarch64.rpm	a17bb7b717c9820a74954aa36b737cb1	-	ol9_aarch64_appstream
	bind-doc-9.16.23-18.0.1.el9_4.6.noarch.rpm	e10cb8fe9bd93c891a2a61f447549e95	-	ol9_aarch64_codeready_builder
	bind-dyndb-ldap-11.9-10.el9_4.aarch64.rpm	6e52060a5d932b30570997b9ccf8ecc1	-	ol9_aarch64_appstream
	bind-libs-9.16.23-18.0.1.el9_4.6.aarch64.rpm	2d7db1cd5b7063042e69c89fb8cb8d42	-	ol9_aarch64_appstream
	bind-license-9.16.23-18.0.1.el9_4.6.noarch.rpm	a5f4b7015259b192beb3361731c887aa	-	ol9_aarch64_appstream
	bind-utils-9.16.23-18.0.1.el9_4.6.aarch64.rpm	9988e0139ae9d67861a3bdbe042893c4	-	ol9_aarch64_appstream
	python3-bind-9.16.23-18.0.1.el9_4.6.noarch.rpm	73847b0109a57749a41c335f70914880	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	bind-9.16.23-18.0.1.el9_4.6.src.rpm	b4ff186fcac955f3b49bd28f02fafd28	-	ol9_x86_64_appstream
	bind-9.16.23-18.0.1.el9_4.6.src.rpm	b4ff186fcac955f3b49bd28f02fafd28	-	ol9_x86_64_codeready_builder
	bind-dyndb-ldap-11.9-10.el9_4.src.rpm	298baff45f30a8948f2befbe2a2a8a78	-	ol9_x86_64_appstream
	bind-9.16.23-18.0.1.el9_4.6.x86_64.rpm	82981cbeb75719eecd87de8da76a617c	-	ol9_x86_64_appstream
	bind-chroot-9.16.23-18.0.1.el9_4.6.x86_64.rpm	73e87ae0a139ff701fad56272c5b64c0	-	ol9_x86_64_appstream
	bind-devel-9.16.23-18.0.1.el9_4.6.i686.rpm	b69bf67f96c03679b883bcfc711444db	-	ol9_x86_64_codeready_builder
	bind-devel-9.16.23-18.0.1.el9_4.6.x86_64.rpm	9382f889df895752bf8d1a61fc7a2653	-	ol9_x86_64_codeready_builder
	bind-dnssec-doc-9.16.23-18.0.1.el9_4.6.noarch.rpm	edd347848dc1614d15b7907e16ca03ae	-	ol9_x86_64_appstream
	bind-dnssec-utils-9.16.23-18.0.1.el9_4.6.x86_64.rpm	45f024d16d4411974dc42a0544318e25	-	ol9_x86_64_appstream
	bind-doc-9.16.23-18.0.1.el9_4.6.noarch.rpm	e10cb8fe9bd93c891a2a61f447549e95	-	ol9_x86_64_codeready_builder
	bind-dyndb-ldap-11.9-10.el9_4.x86_64.rpm	37f6b2d2e2944f472da81e18e222ff44	-	ol9_x86_64_appstream
	bind-libs-9.16.23-18.0.1.el9_4.6.i686.rpm	3a2d661fe68f257729d64f40391d18e1	-	ol9_x86_64_codeready_builder
	bind-libs-9.16.23-18.0.1.el9_4.6.x86_64.rpm	e98678762a636a77a5e402025f96b66a	-	ol9_x86_64_appstream
	bind-license-9.16.23-18.0.1.el9_4.6.noarch.rpm	a5f4b7015259b192beb3361731c887aa	-	ol9_x86_64_appstream
	bind-utils-9.16.23-18.0.1.el9_4.6.x86_64.rpm	73790074171a804ea854976c309c976e	-	ol9_x86_64_appstream
	python3-bind-9.16.23-18.0.1.el9_4.6.noarch.rpm	73847b0109a57749a41c335f70914880	-	ol9_x86_64_appstream