RHSA-2023:4154: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
Red Hat Security Data

Synopsis

Important: bind security update

Type/Severity

Security Advisory: Important

Topic

An update for bind is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

  • bind: named’s configured cache size limit can be significantly exceeded (CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2216227 - CVE-2023-2828 bind: named’s configured cache size limit can be significantly exceeded

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

  • bind-9.11.4-26.P2.el8_1.7.src.rpm

ppc64le

  • bind-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-chroot-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-debugsource-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-devel-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-export-devel-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-export-libs-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-libs-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-libs-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-libs-lite-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-license-9.11.4-26.P2.el8_1.7.noarch.rpm
  • bind-lite-devel-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-devel-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-libs-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-utils-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-sdb-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-sdb-chroot-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-sdb-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-utils-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • bind-utils-debuginfo-9.11.4-26.P2.el8_1.7.ppc64le.rpm
  • python3-bind-9.11.4-26.P2.el8_1.7.noarch.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

  • bind-9.11.4-26.P2.el8_1.7.src.rpm

x86_64

  • bind-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-chroot-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-debugsource-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-debugsource-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-devel-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-devel-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-export-devel-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-export-devel-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-export-libs-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-export-libs-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-libs-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-libs-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-libs-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-libs-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-libs-lite-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-libs-lite-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-license-9.11.4-26.P2.el8_1.7.noarch.rpm
  • bind-lite-devel-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-lite-devel-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-devel-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-pkcs11-devel-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-libs-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-pkcs11-libs-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-utils-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-sdb-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-sdb-chroot-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-sdb-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-sdb-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-utils-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • bind-utils-debuginfo-9.11.4-26.P2.el8_1.7.i686.rpm
  • bind-utils-debuginfo-9.11.4-26.P2.el8_1.7.x86_64.rpm
  • python3-bind-9.11.4-26.P2.el8_1.7.noarch.rpm

Related news

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization

Red Hat Security Advisory 2023-5029-01

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4972-01

Red Hat Security Advisory 2023-4972-01 - Multicluster Engine for Kubernetes 2.1.8 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4893-01

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

CVE-2023-37249: NIOS is vulnerable to CVE-2023-37249

Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.

RHSA-2023:4650: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...

Red Hat Security Advisory 2023-4627-01

Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4625-01

Red Hat Security Advisory 2023-4625-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Red Hat Security Advisory 2023-4421-01

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

RHSA-2023:4310: Red Hat Security Advisory: OpenShift Container Platform 4.11.46 security update

Red Hat OpenShift Container Platform release 4.11.46 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows a...

Red Hat Security Advisory 2023-4332-01

Red Hat Security Advisory 2023-4332-01 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-4226-01

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

Red Hat Security Advisory 2023-4225-01

Red Hat Security Advisory 2023-4225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.6.

RHSA-2023:4226: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

RHSA-2023:4225: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 security and extras update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Red Hat Security Advisory 2023-4154-01

Red Hat Security Advisory 2023-4154-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4152-01

Red Hat Security Advisory 2023-4152-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4100-01

Red Hat Security Advisory 2023-4100-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.

RHSA-2023:4152: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.

RHSA-2023:4153: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, ef...

Red Hat Security Advisory 2023-4037-01

Red Hat Security Advisory 2023-4037-01 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

RHSA-2023:4037: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.

Red Hat Security Advisory 2023-4005-02

Red Hat Security Advisory 2023-4005-02 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.

RHSA-2023:4005: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.

Debian Security Advisory 5439-1

Debian Linux Security Advisory 5439-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel

Ubuntu Security Notice USN-6183-1

Ubuntu Security Notice 6183-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

CVE-2023-2828: CVE-2023-2828

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9...
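
The limit and the 7/8 cleaning threshold described above can be turned into a monitoring check for resolvers that have not yet been updated. The following Python is an added example, not code from ISC or Red Hat: the sample configuration, the memory samples and all function names are constructed for illustration, and how the cache-usage samples are collected is left as an assumption.

```python
import re

DEFAULT_PERCENT = 90          # per the description: default is 90% of host memory
CLEAN_NUM, CLEAN_DEN = 7, 8   # per the description: cleaning starts at 7/8 of the limit
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
MIB = 1024 ** 2

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // max-cache-size 64m;   old value, commented out
    recursion yes;
    max-cache-size 256m;
};
"""

# Constructed samples: (seconds since start, cache bytes in use).
# Assumption: the caller gathers these from whatever memory metric it trusts.
SAMPLES = [(0, 100 * MIB), (60, 230 * MIB), (120, 250 * MIB), (180, 300 * MIB),
           (240, 410 * MIB), (300, 520 * MIB), (360, 240 * MIB)]


def strip_comments(text):
    """Drop /* */, // and # comments so disabled statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_max_cache_size(conf_text, total_mem_bytes):
    """Return the effective limit in bytes, or None when no limit applies.

    Only the first max-cache-size statement is read; per-view overrides
    are out of scope for this example.
    """
    m = re.search(r'\bmax-cache-size\s+"?([^\s;"]+)"?\s*;',
                  strip_comments(conf_text), re.I)
    value = m.group(1).lower() if m else "default"
    if value == "default":
        return total_mem_bytes * DEFAULT_PERCENT // 100
    if value in ("unlimited", "0"):   # both mean "no size-based cleaning"
        return None
    pct = re.fullmatch(r"(\d+)%", value)
    if pct:
        return total_mem_bytes * int(pct.group(1)) // 100
    size = re.fullmatch(r"(\d+)([kmg]?)", value)
    if not size:
        raise ValueError("unrecognised max-cache-size value: " + value)
    return int(size.group(1)) * UNITS[size.group(2)]


def classify(in_use, limit):
    """Place one sample relative to the cleaning threshold and the limit."""
    if limit is None:
        return "unbounded"
    if in_use > limit:
        return "over-limit"
    if in_use * CLEAN_DEN >= limit * CLEAN_NUM:
        return "cleaning"
    return "ok"


def sustained_overrun(samples, limit, sustain=3):
    """Return (start_time, peak/limit) for the first run of at least
    `sustain` consecutive over-limit samples, or None if there is none.
    A single spike is tolerated; a sustained run means cleaning is not
    holding the cache under the configured limit."""
    start, run, peak = None, 0, 0
    for ts, in_use in samples:
        if classify(in_use, limit) == "over-limit":
            if run == 0:
                start, peak = ts, 0
            run += 1
            peak = max(peak, in_use)
        else:
            if run >= sustain:
                return (start, peak / limit)
            run = 0
    return (start, peak / limit) if run >= sustain else None


if __name__ == "__main__":
    limit = parse_max_cache_size(SAMPLE_CONF, 8 * 1024 ** 3)
    for ts, used in SAMPLES:
        print(ts, used // MIB, "MiB", classify(used, limit))
    print("sustained overrun:", sustained_overrun(SAMPLES, limit))
```

On the constructed samples the check reports an overrun starting at the 180-second sample and peaking at roughly twice the configured limit, which is the pattern the CVE description warns about.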