
11957 matches found

OSV
added 2024/03/14 5:20 p.m., 4 views

CLSA-2024-1710436801 Update of bind

Fix pthread barrier initialization in iscnetmgrcreate...

AI score 5.8
Exploits 0, References 1

RedHat Linux
added 2024/03/14 3:34 p.m., 3 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

CVSS 7.5, AI score 6.7, EPSS 0.99995
Exploits 0, References 7

RedHat Linux
added 2024/03/14 3:34 p.m., 5 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

CVSS 7.5, AI score 6.7, EPSS 0.81729
Exploits 1, References 7

RedHat Linux
added 2024/03/14 3:29 p.m., 4 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

CVSS 7.5, AI score 6.7, EPSS 0.99995
Exploits 0, References 7

Exploit DB
added 2024/03/14 12:0 a.m., 325 views

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...

CVSS 7.8, AI score 7.7, EPSS 0.01777
Exploits 3

Redos
added 2024/03/13 12:0 a.m., 22 views

ROS-2-1422

2.1422 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

CVSS 9.8, AI score 8.7, EPSS 0.83406
Exploits 0

Redos
added 2024/03/13 12:0 a.m., 29 views

ROS-2-1439

2.1439 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

CVSS 9.8, AI score 10, EPSS 0.83406
Exploits 0

F5 Networks
added 2024/03/12 9:15 p.m., 70 views

K000138895: BIND vulnerability CVE-2023-5679

Security Advisory Description A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through...

CVSS 7.5, AI score 7.6, EPSS 0.01231
Exploits 0

OpenVAS
added 2024/03/12 12:0 a.m., 27 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.9, EPSS 0.02626
Exploits 0, References 2

Tenable Nessus
added 2024/03/12 12:0 a.m., 36 views

EulerOS 2.0 SP8 : bind (EulerOS-SA-2024-1256)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only...

CVSS 7.5, AI score 6.9, EPSS 0.02626
Exploits 0, References 2

OSV
added 2024/03/08 11:7 a.m., 4 views

OESA-2024-1264 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor. Security Fixes: Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input...

CVSS 4.4, AI score 7, EPSS 0.00224
Exploits 0, References 2

OSV
added 2024/03/06 7:15 p.m., 3 views

UBUNTU-CVE-2024-27304

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...

CVSS 9.8, AI score 7.2, EPSS 0.01109
Exploits 1, References 11

OSV
added 2024/03/06 11:1 a.m., 30 views

BIT-GRAFANA-2020-12459

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml, which contain a secret_key and a bind_password, are world readable...

CVSS 5.5, AI score 6, EPSS 0.00318
Exploits 0, References 8

Wolfi
added 2024/03/06 12:31 a.m., 420 views

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kube-state-metrics, kubeadm-bootstrap-controller, grafana-operator, crossplane-provider-aws-route53, minio, flux-image-reflector-controller, prometheus-operator, grpcurl, crossplane-provider-aws-sqs, falco, cluster-proportional-autoscaler, grpc-health-probe,...

AI score 5.8
Exploits 0

CBLMariner
added 2024/03/05 5:52 p.m., 26 views

CVE-2023-6516 affecting package bind for versions less than 9.16.48-1

CVE-2023-6516 affecting package bind for versions less than 9.16.48-1. A patched version of the package is available...

CVSS 7.5, AI score 8, EPSS 0.01097
Exploits 0

CBLMariner
added 2024/03/05 5:52 p.m., 47 views

CVE-2023-50387 affecting package bind for versions less than 9.16.48-1

CVE-2023-50387 affecting package bind for versions less than 9.16.48-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 8.2, EPSS 0.99995
Exploits 0

CBLMariner
added 2024/03/05 5:52 p.m., 20 views

CVE-2023-4408 affecting package bind for versions less than 9.16.48-1

CVE-2023-4408 affecting package bind for versions less than 9.16.48-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 8.1, EPSS 0.01327
Exploits 0

CBLMariner
added 2024/03/05 5:52 p.m., 26 views

CVE-2023-5679 affecting package bind for versions less than 9.16.48-1

CVE-2023-5679 affecting package bind for versions less than 9.16.48-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 8, EPSS 0.01231
Exploits 0

OpenVAS
added 2024/03/05 12:0 a.m., 34 views

CentOS: Security Advisory for bind (CESA-2023:5691)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.9, EPSS 0.02626
Exploits 0, References 2

Amazon
added 2024/03/05 12:0 a.m., 18 views

Important: bind

Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...

CVSS 7.5, AI score 8, EPSS 0.99995
Exploits 1