Headline
RHSA-2023:4154: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
Synopsis
Important: bind security update
Type/Severity
Security Advisory: Important
Topic
An update for bind is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: named’s configured cache size limit can be significantly exceeded (CVE-2023-2828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2216227 - CVE-2023-2828 bind: named’s configured cache size limit can be significantly exceeded
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
bind-9.11.4-26.P2.el8_1.7.src.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
bind-9.11.4-26.P2.el8_1.7.src.rpm
Related news
Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization
Red Hat Security Advisory 2023-4332-01 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important.
Red Hat Security Advisory 2023-4154-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2023-4152-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2023-4100-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, ef...
Red Hat Security Advisory 2023-4037-01 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
Red Hat Security Advisory 2023-4005-02 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
An update for bind is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2828: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded.
Debian Linux Security Advisory 5439-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
Ubuntu Security Notice 6183-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9...
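The `max-cache-size` limit and the 7/8 cleaning threshold described above can be turned into a monitoring check that flags a resolver whose cache has grown past its configured limit. This Python is an added example, not code from Red Hat or ISC. It assumes a single view, one `max-cache-size` statement, and that the statistics dump reports cache memory on `cache tree memory in use` and `cache heap memory in use` lines; the configuration and statistics samples are constructed.

```python
import re

# Values taken from the description above.
CLEAN_NUM, CLEAN_DEN = 7, 8   # cleaning starts at 7/8 of the limit
DEFAULT_PERCENT = 90          # default limit: 90% of host memory

_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONF = """
options {
    recursion yes;
    /* constructed example value */
    max-cache-size 256m;
};
"""

SAMPLE_STATS = """
++ Cache Statistics ++
[View: default]
                1500 cache hits
           335544320 cache tree memory total
           301989888 cache tree memory in use
             8388608 cache heap memory total
             4194304 cache heap memory in use
"""


def parse_max_cache_size(conf_text, host_mem_bytes):
    """Return the effective cache limit in bytes, or None when unlimited."""
    # Drop /* */, // and # comments so a commented-out statement is ignored.
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    # Assumption: the first max-cache-size statement is the one in effect.
    m = re.search(r"\bmax-cache-size\s+([^;\s]+)\s*;", text)
    value = m.group(1).lower() if m else "default"
    if value == "default":
        return host_mem_bytes * DEFAULT_PERCENT // 100
    if value in ("unlimited", "0"):
        return None
    if value.endswith("%"):
        return host_mem_bytes * int(value[:-1]) // 100
    m = re.fullmatch(r"(\d+)([kmg]?)", value)
    if not m:
        raise ValueError("unrecognised max-cache-size value: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2)]


def cache_memory_in_use(stats_text):
    """Sum the 'memory in use' counters for the cache tree and heap."""
    pattern = r"^\s*(\d+)\s+cache (?:tree|heap) memory in use\s*$"
    return sum(int(m.group(1))
               for m in re.finditer(pattern, stats_text, flags=re.M))


def assess(conf_text, stats_text, host_mem_bytes):
    """Classify cache memory use against the limit and cleaning threshold."""
    limit = parse_max_cache_size(conf_text, host_mem_bytes)
    used = cache_memory_in_use(stats_text)
    if limit is None:
        return {"state": "unlimited", "used": used}
    threshold = limit * CLEAN_NUM // CLEAN_DEN
    if used > limit:
        state = "over-limit"      # cleaning is not holding the configured limit
    elif used >= threshold:
        state = "cleaning"        # expected range while the cleaner is active
    else:
        state = "ok"
    return {"state": state, "limit": limit,
            "cleaning_threshold": threshold, "used": used}


if __name__ == "__main__":
    print(assess(SAMPLE_CONF, SAMPLE_STATS, 8 * 1024 ** 3))
```

A sustained `over-limit` result on an unpatched resolver is the symptom this advisory describes; after the update, use should settle back at or below the limit.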