Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3291)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3323)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)

Summary GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...

K000137582: BIND vulnerability CVE-2023-3341

Security Advisory Description The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run...

kernel: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9kwmicmd. The callback writes...

Mageia: Security Advisory (MGASA-2023-0303)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 9 : bind (ELSA-2023-5689)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5689 advisory. 32:9.16.23-11.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...

Oracle Linux 7 : bind (ELSA-2023-5691)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5691 advisory. 32:9.11.4-26.P2.15 - Limit the amount of recursion possible in control channel CVE-2023-3341 Tenable has extracted the preceding description block directly from...

Ubuntu 16.04 ESM / 18.04 ESM : Bind vulnerability (USN-6421-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6421-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly...

Amazon Linux AMI : bind (ALAS-2023-1845)

The version of bind installed on the remote host is prior to 9.8.2-0.68.rc1.91. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1845 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...

Oracle Linux 8 : bind (ELSA-2023-5474)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5474 advisory. 32:9.11.36-8.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...

Amazon Linux 2 : bind (ALAS-2023-2273)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2273 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursi...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-372)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-372 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending o...

Important: bind

Issue Overview: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of availab...

Fedora 38 : bind / bind-dyndb-ldap (2023-a2621f58a9)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a2621f58a9 advisory. BIND 9.18.19 Security Fixes - Previously, sending a specially crafted message over the control channel could cause the packet- parsing code to run o...

SUSE SLES12 Security Update : bind (SUSE-SU-2023:3796-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3796-1 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bind (SUSE-SU-2023:3737-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3737-1 advisory. - The code that processes control channel messages sent to named calls certain functions recursively duri...

Debian DSA-5504-1 : bind9 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5504 advisory. Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-3341 A stack exhaustion flaw was discovered in the control channel cod...

CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

ISC BIND 9.2.0 < 9.16.44 / 9.9.3-S1 < 9.16.44-S1 / 9.18.0 < 9.18.19 / 9.18.0-S1 < 9.18.19-S1 / 9.19.0 < 9.19.17 Vulnerability (cve-2023-3341)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-3341 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...