Headline
RHSA-2023:2792: Red Hat Security Advisory: bind9.16 security and bug fix update
An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service.
- CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This issue may cause named to exit due to a lack of free memory, resulting in a denial of service (DoS).
- CVE-2022-3736: A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.
- CVE-2022-3924: A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service.
Synopsis
Moderate: bind9.16 security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for bind9.16 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795)
- bind: flooding with UPDATE requests may lead to DoS (CVE-2022-3094)
- bind: sending specific queries to the resolver may cause a DoS (CVE-2022-3736)
- bind: sending specific queries to the resolver may cause a DoS (CVE-2022-3924)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2115322 - bind9.16-dnssec-utils should be in AppStream repository
- BZ - 2128584 - CVE-2022-2795 bind: processing large delegations may severely degrade resolver performance
- BZ - 2164032 - CVE-2022-3094 bind: flooding with UPDATE requests may lead to DoS
- BZ - 2164038 - CVE-2022-3736 bind: sending specific queries to the resolver may cause a DoS
- BZ - 2164039 - CVE-2022-3924 bind: sending specific queries to the resolver may cause a DoS
CVEs
- CVE-2022-2795
- CVE-2022-3094
- CVE-2022-3736
- CVE-2022-3924
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
bind9.16-9.16.23-0.14.el8.src.rpm
SHA-256: f72a505ebd2df520c49e2273bb28290738e41ac017dcd8d9da1bae3f13126789
x86_64
bind9.16-9.16.23-0.14.el8.x86_64.rpm
SHA-256: aac013228e9d94adea8ce78e9ac77bcf64eb847bb4be5c3503fd44318674b76c
bind9.16-chroot-9.16.23-0.14.el8.x86_64.rpm
SHA-256: b2922cc7aeecd7b622f6379d46501934bcdc566f3d27c781c037aeb30b6460bc
bind9.16-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 09c631f33e584e01eef36af6fc2369167614dcbde4340cfe3fd89c63428e4f1d
bind9.16-debugsource-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 83aba3a792a7e21edcf6397f24426fd9438b7565500003cf38d2a8b5166bfe38
bind9.16-dnssec-utils-9.16.23-0.14.el8.x86_64.rpm
SHA-256: a9b3647652f4462ed1ca29b2a6aec953301e7f8f382460197e7d9e44786b39dd
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 92173d69a782550d19344cea94467ce6ed7fb5d3174b4cc725dfdb6ad9f9a803
bind9.16-libs-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 40ca76349f330b9eeeafa7f2325c259de096354cb6dfd1f9199beeb3a765355b
bind9.16-libs-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 70b12b09b61e80154ff4a6e76cc9872fb233dd1b00176ec6a5fd1f3e77f009f4
bind9.16-license-9.16.23-0.14.el8.noarch.rpm
SHA-256: 63e06d972dee21a9337d8f52bd7aa73fec0d88877be2f6f989c87ce78904af58
bind9.16-utils-9.16.23-0.14.el8.x86_64.rpm
SHA-256: fc5cd41d6e4750461baf4febaed32a3c2c19ea0279029715e6d5d36564f3fc3e
bind9.16-utils-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 558d6d8784aad4d02f45a05b2986e6d2a6de7a960b16d1eb86526c445693b1a9
python3-bind9.16-9.16.23-0.14.el8.noarch.rpm
SHA-256: a44fa5c18d3acefe18fb997c5fca3c131685d8138375aa7098a074a8a251277d
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
bind9.16-9.16.23-0.14.el8.src.rpm
SHA-256: f72a505ebd2df520c49e2273bb28290738e41ac017dcd8d9da1bae3f13126789
s390x
bind9.16-9.16.23-0.14.el8.s390x.rpm
SHA-256: 18cba4d552f2f3bbf373b5d988b4a4b7ce338a50f115799a0cd245ff625ac9f4
bind9.16-chroot-9.16.23-0.14.el8.s390x.rpm
SHA-256: cd7cda34ad623793d7038838c3de0e610d5ae145556b95ff63da2070db4acbf4
bind9.16-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: c549b8b59139671840e610413568d15b2d6ac0a24d5262a8f727d8039cb0ce33
bind9.16-debugsource-9.16.23-0.14.el8.s390x.rpm
SHA-256: 1bfece539ad66dcb3dace2a043dffb828cf9628ee2e724ec65c355b227a137a5
bind9.16-dnssec-utils-9.16.23-0.14.el8.s390x.rpm
SHA-256: 150653797c101cf300efae439f1a7f43830879c78555214470ccd556c8d9e55a
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: 41753ce91ffca679ac4538299ee45d5656f3f14b4fd5f80ef2acf2f3b749f11e
bind9.16-libs-9.16.23-0.14.el8.s390x.rpm
SHA-256: bc40ebceab89ebf527a905159731bd5927f785ee9d57e33572b848a0f02bb700
bind9.16-libs-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: b3bc18d9a3efb57edc2ad235d13849d10cd5f6eaa185734050a9a20103169994
bind9.16-license-9.16.23-0.14.el8.noarch.rpm
SHA-256: 63e06d972dee21a9337d8f52bd7aa73fec0d88877be2f6f989c87ce78904af58
bind9.16-utils-9.16.23-0.14.el8.s390x.rpm
SHA-256: a98bbce7bc591bfe507cc5a8f91ed29d2853ecb8cfae0a802a94a2c26ff725c3
bind9.16-utils-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: 98ad1b4d6806719d96f4ad65f4c45c9506323331e856bde16abd498aaa398694
python3-bind9.16-9.16.23-0.14.el8.noarch.rpm
SHA-256: a44fa5c18d3acefe18fb997c5fca3c131685d8138375aa7098a074a8a251277d
Red Hat Enterprise Linux for Power, little endian 8
SRPM
bind9.16-9.16.23-0.14.el8.src.rpm
SHA-256: f72a505ebd2df520c49e2273bb28290738e41ac017dcd8d9da1bae3f13126789
ppc64le
bind9.16-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: ee6d2c73c8cd632419ac163e41d55df9ce8a7ceba24290f6fe354e0755b68f9e
bind9.16-chroot-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: c64b4ce777f467d834250857627a5322bec9671b1414bb7d60aa4f28c29202ad
bind9.16-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 4701e46f1b123c94ef3c5dc92e2e43ec806358d00c07f532e19c83b73652a229
bind9.16-debugsource-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 851a122dc9c1087c28a9b4878249fe6338de9d3e91292ded89b3c2eb515e4bbb
bind9.16-dnssec-utils-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: d0d25f0ae18d2d59b6735ff34723ee15f26aca20d6b081d66887827ffddc6091
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: f101d51e1db3f4468260322cfff2203be393ef8cfa0b08befa996496d796b7b3
bind9.16-libs-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 0c92ea38d01ef290e8e5732c6fcae73c7050c0e37512cc7fb495c5efabd07a19
bind9.16-libs-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 3c019eae49f6e09b80591038fcf56c0fdd3e086eee87bd8cf743a754aeeaa851
bind9.16-license-9.16.23-0.14.el8.noarch.rpm
SHA-256: 63e06d972dee21a9337d8f52bd7aa73fec0d88877be2f6f989c87ce78904af58
bind9.16-utils-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 0c80b2455baccd85351798e360fdd83d35776204e3ca420524266765c2c27782
bind9.16-utils-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 70fac84e228252188ba0022e3ee8da3587ac1e13fc765cd05a4fba83c3c8c599
python3-bind9.16-9.16.23-0.14.el8.noarch.rpm
SHA-256: a44fa5c18d3acefe18fb997c5fca3c131685d8138375aa7098a074a8a251277d
Red Hat Enterprise Linux for ARM 64 8
SRPM
bind9.16-9.16.23-0.14.el8.src.rpm
SHA-256: f72a505ebd2df520c49e2273bb28290738e41ac017dcd8d9da1bae3f13126789
aarch64
bind9.16-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 43f58ba7a757423613f1612bdde4e33ba63e585827cd097c8b068886d8b0df1d
bind9.16-chroot-9.16.23-0.14.el8.aarch64.rpm
SHA-256: d5e2b95c593294403d2496feb35dc1a010691255f0a3ce2f1cbe2588a1867fd7
bind9.16-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 83d839ea5eca374220f4820b4e2af761a3a041986c6cb0196a2881b6a7b6bcd4
bind9.16-debugsource-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 6d1ee887291fa2f9c1a62b397bd520f47b8aca89581a60227fc53321622473a7
bind9.16-dnssec-utils-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 3b4a75f6385baf6806f76824dfce70ed5fdcaa2192e702a80800ac902cba30d8
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 1b571502628ca84df2445fe201dcbb144bd4b67d0340a5bb900f8d63611c254a
bind9.16-libs-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 3259e031e7378fe04a5c6947a474344901354af0209d765d6dcbed000e6c5ee2
bind9.16-libs-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 323d38110dc83ec97894eb52233e78b87bc6211bd59a98a3bc5c63306b294182
bind9.16-license-9.16.23-0.14.el8.noarch.rpm
SHA-256: 63e06d972dee21a9337d8f52bd7aa73fec0d88877be2f6f989c87ce78904af58
bind9.16-utils-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 68de93526e3d559929fb3782bcc086bb909a9457fd3ea75cc0da6e45d5d39bec
bind9.16-utils-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 76a294c489e3b6d32b23f642ebaa120402147533b1b11f1978a3a986f5e29209
python3-bind9.16-9.16.23-0.14.el8.noarch.rpm
SHA-256: a44fa5c18d3acefe18fb997c5fca3c131685d8138375aa7098a074a8a251277d
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
bind9.16-debuginfo-9.16.23-0.14.el8.i686.rpm
SHA-256: 283de2c8d37f79403bdccc73b740922ccb67604e735185c2a462cf41086d857d
bind9.16-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 09c631f33e584e01eef36af6fc2369167614dcbde4340cfe3fd89c63428e4f1d
bind9.16-debugsource-9.16.23-0.14.el8.i686.rpm
SHA-256: 0bc26e76c69607385d80e865aeb39d03e1edde5c2f448a8d1ac9c670d4fa7f92
bind9.16-debugsource-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 83aba3a792a7e21edcf6397f24426fd9438b7565500003cf38d2a8b5166bfe38
bind9.16-devel-9.16.23-0.14.el8.i686.rpm
SHA-256: c959bc5736afc69bab48e182ab1f21b47e71c7fc18663c442c0a425078241bea
bind9.16-devel-9.16.23-0.14.el8.x86_64.rpm
SHA-256: a76149207931020a94cbdc17165e8a1d101298fe9d7f8414c0d1de0e83638337
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.i686.rpm
SHA-256: 65b6eb5286d984a29e9e59d280116a16645bfafd7f0edaf6a2796f471e2eb589
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 92173d69a782550d19344cea94467ce6ed7fb5d3174b4cc725dfdb6ad9f9a803
bind9.16-doc-9.16.23-0.14.el8.noarch.rpm
SHA-256: 36608d4539c9e1e550d1aa15cb74f5fee953036ac29ca26fdc52d6129a94edf5
bind9.16-libs-9.16.23-0.14.el8.i686.rpm
SHA-256: 3d67dfcfa5b8ab57f4078e788f7996c1c490190cfa8b92e188ebe08b1597c709
bind9.16-libs-debuginfo-9.16.23-0.14.el8.i686.rpm
SHA-256: 2424574b60f84244033f22ede56b1b2b00a1ac8d149192d7c031cc47c9ad2c8b
bind9.16-libs-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 70b12b09b61e80154ff4a6e76cc9872fb233dd1b00176ec6a5fd1f3e77f009f4
bind9.16-utils-debuginfo-9.16.23-0.14.el8.i686.rpm
SHA-256: 6895356d0d22f0e432b7f6af843a0a9aae482c27630b51b13c0e14056a9c85cd
bind9.16-utils-debuginfo-9.16.23-0.14.el8.x86_64.rpm
SHA-256: 558d6d8784aad4d02f45a05b2986e6d2a6de7a960b16d1eb86526c445693b1a9
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
bind9.16-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 4701e46f1b123c94ef3c5dc92e2e43ec806358d00c07f532e19c83b73652a229
bind9.16-debugsource-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 851a122dc9c1087c28a9b4878249fe6338de9d3e91292ded89b3c2eb515e4bbb
bind9.16-devel-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 4e437eae1d438eb64d27a905eb8bbac0555b9db3155eb458929f4c0aaaa3096a
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: f101d51e1db3f4468260322cfff2203be393ef8cfa0b08befa996496d796b7b3
bind9.16-doc-9.16.23-0.14.el8.noarch.rpm
SHA-256: 36608d4539c9e1e550d1aa15cb74f5fee953036ac29ca26fdc52d6129a94edf5
bind9.16-libs-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 3c019eae49f6e09b80591038fcf56c0fdd3e086eee87bd8cf743a754aeeaa851
bind9.16-utils-debuginfo-9.16.23-0.14.el8.ppc64le.rpm
SHA-256: 70fac84e228252188ba0022e3ee8da3587ac1e13fc765cd05a4fba83c3c8c599
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
bind9.16-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 83d839ea5eca374220f4820b4e2af761a3a041986c6cb0196a2881b6a7b6bcd4
bind9.16-debugsource-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 6d1ee887291fa2f9c1a62b397bd520f47b8aca89581a60227fc53321622473a7
bind9.16-devel-9.16.23-0.14.el8.aarch64.rpm
SHA-256: c45c6e4bb1e74a10efa767b9802468f749187c309386b7fcecd4d83849010676
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 1b571502628ca84df2445fe201dcbb144bd4b67d0340a5bb900f8d63611c254a
bind9.16-doc-9.16.23-0.14.el8.noarch.rpm
SHA-256: 36608d4539c9e1e550d1aa15cb74f5fee953036ac29ca26fdc52d6129a94edf5
bind9.16-libs-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 323d38110dc83ec97894eb52233e78b87bc6211bd59a98a3bc5c63306b294182
bind9.16-utils-debuginfo-9.16.23-0.14.el8.aarch64.rpm
SHA-256: 76a294c489e3b6d32b23f642ebaa120402147533b1b11f1978a3a986f5e29209
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
bind9.16-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: c549b8b59139671840e610413568d15b2d6ac0a24d5262a8f727d8039cb0ce33
bind9.16-debugsource-9.16.23-0.14.el8.s390x.rpm
SHA-256: 1bfece539ad66dcb3dace2a043dffb828cf9628ee2e724ec65c355b227a137a5
bind9.16-devel-9.16.23-0.14.el8.s390x.rpm
SHA-256: e24172d968fa92d6cf75c5b7a4bba2375c80de5e8f9ec89fd05231d0bf19f4e3
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: 41753ce91ffca679ac4538299ee45d5656f3f14b4fd5f80ef2acf2f3b749f11e
bind9.16-doc-9.16.23-0.14.el8.noarch.rpm
SHA-256: 36608d4539c9e1e550d1aa15cb74f5fee953036ac29ca26fdc52d6129a94edf5
bind9.16-libs-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: b3bc18d9a3efb57edc2ad235d13849d10cd5f6eaa185734050a9a20103169994
bind9.16-utils-debuginfo-9.16.23-0.14.el8.s390x.rpm
SHA-256: 98ad1b4d6806719d96f4ad65f4c45c9506323331e856bde16abd498aaa398694
Related news
Red Hat Security Advisory 2023-7177-01 - An update for bind is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.9 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.
Red Hat Security Advisory 2023-3379-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host o...
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...
Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-2792-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. * CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amount...
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. * CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amount...
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. * CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amount...
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2795: A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. * CVE-2022-3094: A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amount...
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity
Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.
Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.
Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of int...
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Ubuntu Security Notice 5827-1 - Rob Schulhof discovered that Bind incorrectly handled a large number of UPDATE messages. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Borja Marcos discovered that Bind incorrectly handled certain RRSIG queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10.
Ubuntu Security Notice 5827-1 - Rob Schulhof discovered that Bind incorrectly handled a large number of UPDATE messages. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Borja Marcos discovered that Bind incorrectly handled certain RRSIG queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10.
Ubuntu Security Notice 5827-1 - Rob Schulhof discovered that Bind incorrectly handled a large number of UPDATE messages. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Borja Marcos discovered that Bind incorrectly handled certain RRSIG queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10.
Red Hat Security Advisory 2023-0402-01 - An update for bind is now available for Red Hat Enterprise Linux 7.
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability * CVE-2022-2795: bind: processing large delegations may severely degrade resolver performance
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Ubuntu Security Notice 5626-2 - USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service.
Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.