AlmaLinux 8 : dnsmasq (ALSA-2024:1335)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1335 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
AlmaLinux 9 : dnsmasq (ALSA-2024:1334)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1334 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
Oracle Linux 8 : dnsmasq (ELSA-2024-1335)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1335 advisory. 2.79-31.2 - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25628 - Resolves: RHEL-25666 2.79-31.1 - Do not crash on invalid domain in...
Oracle Linux 9 : dnsmasq (ELSA-2024-1334)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1334 advisory. 2.85-14.1 - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638 Tenable has extracted the preceding description block...
Important: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
CentOS 8 : dnsmasq (CESA-2024:1335)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:1335 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
RHEL 9 : dnsmasq (RHSA-2024:1334)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1334 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server...
Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2024-552)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-552 advisory. Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone...
Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2024-553)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-553 advisory. Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2024-550)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-550 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may...
Important: bind
Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...
Important: unbound
Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...
Amazon Linux 2 : unbound (ALAS-2024-2481)
The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2481 advisory. Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of servi...
CLSA-2024-1709562964 Fix CVE(s): CVE-2023-50387, CVE-2023-50868
SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multip...
CLSA-2024-1709562163 Fix CVE(s): CVE-2023-50387, CVE-2023-50868
SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multip...
Important: unbound
Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...
OESA-2024-1210 unbound security update
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...
AlmaLinux 8 : unbound (ALSA-2024:0965)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0965 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
Oracle Linux 9 : unbound (ELSA-2024-0977)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0977 advisory. 1.16.2-3.1 - Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks (CVE-2023-50387 and CVE-2023-50868) Tenable ha...