Headline
Ubuntu Security Notice USN-6909-2
Ubuntu Security Notice 6909-2 - USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
==========================================================================Ubuntu Security Notice USN-6909-2August 01, 2024bind9 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Bind.Software Description:- bind9: Internet Domain Name ServerDetails:USN-6909-1 fixed several vulnerabilities in Bind. This update providesthe corresponding update for Ubuntu 18.04 LTS.Original advisory details: Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1737) It was discovered that Bind incorrectly handled a large number of SIG(0) signed requests. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1975)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS bind9 1:9.11.3+dfsg-1ubuntu1.19+esm4 Available with Ubuntu ProThis update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References: https://ubuntu.com/security/notices/USN-6909-2 https://ubuntu.com/security/notices/USN-6909-1 CVE-2024-1737, CVE-2024-1975Related news
Red Hat Security Advisory 2024-5930-03 - An update for bind is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Security Advisory 2024-5908-03 - An update for bind is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Security Advisory 2024-5907-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-5894-03 - An update for bind is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Security Advisory 2024-5871-03 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-5838-03 - An update for bind is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-5813-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Ubuntu Security Notice 6909-3 - USN-6909-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 16.04 LTS. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
Red Hat Security Advisory 2024-5231-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-5418-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and
Ubuntu Security Notice 6909-1 - It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
Ubuntu Security Notice 6909-1 - It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.