ISHACK AI BOT

OS X update for Core Location (CVE-2023-32408) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Location (CVE-2023-32407) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Location (CVE-2023-32413) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Core Location (CVE-2023-32423) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SUSE: CVE-2023-34462: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 06/22/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. Solution(s) suse-upgrade-netty suse-upgrade-netty-javadoc suse-upgrade-netty-poms suse-upgrade-netty-tcnative suse-upgrade-netty-tcnative-javadoc References https://attackerkb.com/topics/cve-2023-34462 CVE - 2023-34462

Oracle Linux: CVE-2023-34241: ELSA-2023-6596:cups security and bug fix update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/22/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/28/2024 Description OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient() in scheduler/client.c Solution(s) oracle-linux-upgrade-cups oracle-linux-upgrade-cups-client oracle-linux-upgrade-cups-devel oracle-linux-upgrade-cups-filesystem oracle-linux-upgrade-cups-ipptool oracle-linux-upgrade-cups-libs oracle-linux-upgrade-cups-lpd oracle-linux-upgrade-cups-printerapp References https://attackerkb.com/topics/cve-2023-34241 CVE - 2023-34241 ELSA-2023-6596 ELSA-2023-7165

Password leak due to insecure default configuration Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 06/22/2023 Description By default, the remote administration server does not use SSL. While the password transmitted on the wire is encrypted, the encryption key is hard-coded and users' passwords can be recovered from a packet captures. Solution(s) globalscape-eft-upgrade-to-8-1-0-16 References https://kb.globalscape.com/Knowledgebase/11587/Is-EFT-susceptible-to-the-Password-Leak-Due-to-Insecure-Defaults-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/

CentOS Linux: CVE-2023-3128: Critical: grafana security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 07/13/2023 Added 07/13/2023 Modified 01/28/2025 Description Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. Solution(s) centos-upgrade-grafana centos-upgrade-grafana-debuginfo centos-upgrade-grafana-debugsource References CVE-2023-3128

CVE-2023-2989: Authentication bypass via out-of-bounds memory read Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:P/A:C) Published 06/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 07/04/2023 Description The possibility exists for malicious login attempts to eventually be mistaken as valid when a request is read beyond the payload buffer Solution(s) globalscape-eft-upgrade-to-8-1-0-16 References https://attackerkb.com/topics/cve-2023-2989 CVE - 2023-2989 https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/

Amazon Linux AMI: CVE-2024-0775: Security patch for kernel (ALAS-2023-1773) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/21/2023 Created 02/08/2024 Added 02/06/2024 Modified 01/28/2025 Description A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1773 CVE-2024-0775

Rocky Linux: CVE-2023-3128: grafana (RLSA-2023-4030) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/22/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. Solution(s) rocky-upgrade-grafana rocky-upgrade-grafana-debuginfo rocky-upgrade-grafana-debugsource References https://attackerkb.com/topics/cve-2023-3128 CVE - 2023-3128 https://errata.rockylinux.org/RLSA-2023:4030

Rocky Linux: CVE-2023-2828: bind (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) rocky-upgrade-bind rocky-upgrade-bind-chroot rocky-upgrade-bind-debuginfo rocky-upgrade-bind-debugsource rocky-upgrade-bind-devel rocky-upgrade-bind-dnssec-utils rocky-upgrade-bind-dnssec-utils-debuginfo rocky-upgrade-bind-export-devel rocky-upgrade-bind-export-libs rocky-upgrade-bind-export-libs-debuginfo rocky-upgrade-bind-libs rocky-upgrade-bind-libs-debuginfo rocky-upgrade-bind-libs-lite rocky-upgrade-bind-libs-lite-debuginfo rocky-upgrade-bind-lite-devel rocky-upgrade-bind-pkcs11 rocky-upgrade-bind-pkcs11-debuginfo rocky-upgrade-bind-pkcs11-devel rocky-upgrade-bind-pkcs11-libs rocky-upgrade-bind-pkcs11-libs-debuginfo rocky-upgrade-bind-pkcs11-utils rocky-upgrade-bind-pkcs11-utils-debuginfo rocky-upgrade-bind-sdb rocky-upgrade-bind-sdb-chroot rocky-upgrade-bind-sdb-debuginfo rocky-upgrade-bind-utils rocky-upgrade-bind-utils-debuginfo rocky-upgrade-bind9.16 rocky-upgrade-bind9.16-chroot rocky-upgrade-bind9.16-debuginfo rocky-upgrade-bind9.16-debugsource rocky-upgrade-bind9.16-devel rocky-upgrade-bind9.16-dnssec-utils rocky-upgrade-bind9.16-dnssec-utils-debuginfo rocky-upgrade-bind9.16-libs rocky-upgrade-bind9.16-libs-debuginfo rocky-upgrade-bind9.16-utils rocky-upgrade-bind9.16-utils-debuginfo References https://attackerkb.com/topics/cve-2023-2828 CVE - 2023-2828 https://errata.rockylinux.org/RLSA-2023:4099 https://errata.rockylinux.org/RLSA-2023:4100 https://errata.rockylinux.org/RLSA-2023:4102

ISC BIND: Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 (CVE-2023-2911) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) upgrade-isc-bind-latest References https://attackerkb.com/topics/cve-2023-2911 CVE - 2023-2911 https://kb.isc.org/v1/docs/cve-2023-2911

ISC BIND: Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled (CVE-2023-2829) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. Solution(s) upgrade-isc-bind-latest References https://attackerkb.com/topics/cve-2023-2829 CVE - 2023-2829 https://kb.isc.org/v1/docs/cve-2023-2829

Alma Linux: CVE-2022-25883: Important: nodejs:16 security, bug fix, and enhancement update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/30/2025 Description Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. Solution(s) alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm References https://attackerkb.com/topics/cve-2022-25883 CVE - 2022-25883 https://errata.almalinux.org/8/ALSA-2023-5360.html https://errata.almalinux.org/8/ALSA-2023-5362.html https://errata.almalinux.org/9/ALSA-2023-5363.html

Huawei EulerOS: CVE-2023-2828: bind security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) huawei-euleros-2_0_sp11-upgrade-bind huawei-euleros-2_0_sp11-upgrade-bind-chroot huawei-euleros-2_0_sp11-upgrade-bind-dnssec-doc huawei-euleros-2_0_sp11-upgrade-bind-dnssec-utils huawei-euleros-2_0_sp11-upgrade-bind-libs huawei-euleros-2_0_sp11-upgrade-bind-license huawei-euleros-2_0_sp11-upgrade-bind-pkcs11 huawei-euleros-2_0_sp11-upgrade-bind-pkcs11-libs huawei-euleros-2_0_sp11-upgrade-bind-pkcs11-utils huawei-euleros-2_0_sp11-upgrade-bind-utils huawei-euleros-2_0_sp11-upgrade-python3-bind References https://attackerkb.com/topics/cve-2023-2828 CVE - 2023-2828 EulerOS-SA-2023-2854

Debian: CVE-2023-25435: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-25435 CVE - 2023-25435

SUSE: CVE-2023-2911: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 06/29/2023 Added 06/29/2023 Modified 01/28/2025 Description If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) suse-upgrade-bind suse-upgrade-bind-doc suse-upgrade-bind-utils suse-upgrade-python3-bind References https://attackerkb.com/topics/cve-2023-2911 CVE - 2023-2911

Amazon Linux AMI 2: CVE-2023-2828: Security patch for bind (ALAS-2023-2112) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) amazon-linux-ami-2-upgrade-bind amazon-linux-ami-2-upgrade-bind-chroot amazon-linux-ami-2-upgrade-bind-debuginfo amazon-linux-ami-2-upgrade-bind-devel amazon-linux-ami-2-upgrade-bind-export-devel amazon-linux-ami-2-upgrade-bind-export-libs amazon-linux-ami-2-upgrade-bind-libs amazon-linux-ami-2-upgrade-bind-libs-lite amazon-linux-ami-2-upgrade-bind-license amazon-linux-ami-2-upgrade-bind-lite-devel amazon-linux-ami-2-upgrade-bind-pkcs11 amazon-linux-ami-2-upgrade-bind-pkcs11-devel amazon-linux-ami-2-upgrade-bind-pkcs11-libs amazon-linux-ami-2-upgrade-bind-pkcs11-utils amazon-linux-ami-2-upgrade-bind-sdb amazon-linux-ami-2-upgrade-bind-sdb-chroot amazon-linux-ami-2-upgrade-bind-utils References https://attackerkb.com/topics/cve-2023-2828 AL2/ALAS-2023-2112 CVE - 2023-2828

Huawei EulerOS: CVE-2023-2828: dhcp security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) huawei-euleros-2_0_sp10-upgrade-dhcp References https://attackerkb.com/topics/cve-2023-2828 CVE - 2023-2828 EulerOS-SA-2023-3204

VMware Photon OS: CVE-2023-2828 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2828 CVE - 2023-2828

Red Hat: CVE-2023-2828: named's configured cache size limit can be significantly exceeded (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 07/13/2023 Added 07/13/2023 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) redhat-upgrade-bind redhat-upgrade-bind-chroot redhat-upgrade-bind-debuginfo redhat-upgrade-bind-debugsource redhat-upgrade-bind-devel redhat-upgrade-bind-dnssec-doc redhat-upgrade-bind-dnssec-utils redhat-upgrade-bind-dnssec-utils-debuginfo redhat-upgrade-bind-doc redhat-upgrade-bind-export-devel redhat-upgrade-bind-export-libs redhat-upgrade-bind-export-libs-debuginfo redhat-upgrade-bind-libs redhat-upgrade-bind-libs-debuginfo redhat-upgrade-bind-libs-lite redhat-upgrade-bind-libs-lite-debuginfo redhat-upgrade-bind-license redhat-upgrade-bind-lite-devel redhat-upgrade-bind-pkcs11 redhat-upgrade-bind-pkcs11-debuginfo redhat-upgrade-bind-pkcs11-devel redhat-upgrade-bind-pkcs11-libs redhat-upgrade-bind-pkcs11-libs-debuginfo redhat-upgrade-bind-pkcs11-utils redhat-upgrade-bind-pkcs11-utils-debuginfo redhat-upgrade-bind-sdb redhat-upgrade-bind-sdb-chroot redhat-upgrade-bind-sdb-debuginfo redhat-upgrade-bind-utils redhat-upgrade-bind-utils-debuginfo redhat-upgrade-bind9-16 redhat-upgrade-bind9-16-chroot redhat-upgrade-bind9-16-debuginfo redhat-upgrade-bind9-16-debugsource redhat-upgrade-bind9-16-devel redhat-upgrade-bind9-16-dnssec-utils redhat-upgrade-bind9-16-dnssec-utils-debuginfo redhat-upgrade-bind9-16-doc redhat-upgrade-bind9-16-libs redhat-upgrade-bind9-16-libs-debuginfo redhat-upgrade-bind9-16-license redhat-upgrade-bind9-16-utils redhat-upgrade-bind9-16-utils-debuginfo redhat-upgrade-python3-bind redhat-upgrade-python3-bind9-16 References CVE-2023-2828 RHSA-2023:4005 RHSA-2023:4037 RHSA-2023:4099 RHSA-2023:4100 RHSA-2023:4101 RHSA-2023:4102 RHSA-2023:4152 View more

Debian: CVE-2023-2911: bind9 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) debian-upgrade-bind9 References https://attackerkb.com/topics/cve-2023-2911 CVE - 2023-2911 DSA-5439-1

Debian: CVE-2023-2828: bind9 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) debian-upgrade-bind9 References https://attackerkb.com/topics/cve-2023-2828 CVE - 2023-2828 DSA-5439-1

Amazon Linux AMI: CVE-2023-2828: Security patch for bind (ALAS-2023-1789) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/21/2023 Created 07/27/2023 Added 07/26/2023 Modified 01/28/2025 Description Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. Solution(s) amazon-linux-upgrade-bind References ALAS-2023-1789 CVE-2023-2828