Opened 8 weeks ago

Closed 8 weeks ago

#20130 closed enhancement (fixed)

bind9 bind 9.18.28

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 12.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version of the BIND server and utilities

This is a security update:

Security Fixes

    A malicious DNS client that sent many queries over TCP but never 
read the responses could cause a server to respond slowly or not at all 
for other clients. This has been fixed. (CVE-2024-0760) [GL #4481]

    It is possible to craft excessively large resource records sets, 
which have the effect of slowing down database processing. This has been 
addressed by adding a configurable limit to the number of records that 
can be stored per name and type in a cache or zone database. The default 
is 100, which can be tuned with the new max-records-per-type option. [GL 
#497] [GL #3405]

    It is possible to craft excessively large numbers of resource record 
types for a given owner name, which has the effect of slowing down 
database processing. This has been addressed by adding a configurable 
limit to the number of records that can be stored per name and type in a 
cache or zone database. The default is 100, which can be tuned with the 
new max-types-per-name option. (CVE-2024-1737) [GL #3403]

    ISC would like to thank Toshifumi Sakaguchi who independently 
discovered and responsibly reported the issue to ISC. [GL #4548]

    Validating DNS messages signed using the SIG(0) protocol (RFC 2931) 
could cause excessive CPU load, leading to a denial-of-service 
condition. Support for SIG(0) message validation was removed from this 
version of named. (CVE-2024-1975) [GL #4480]

    Due to a logic error, lookups that triggered serving stale data and 
required lookups in local authoritative zone data could have resulted in 
an assertion failure. This has been fixed. (CVE-2024-4076) [GL #4507]

    Potential data races were found in our DoH implementation, related 
to HTTP/2 session object management and endpoints set object management 
after reconfiguration. These issues have been fixed. [GL #4473]

    ISC would like to thank Dzintars and Ivo from nic.lv for bringing 
this to our attention.

    When looking up the NS records of parent zones as part of looking up 
DS records, it was possible for named to trigger an assertion failure if 
serve-stale was enabled. This has been fixed. [GL #4661]

Bug Fixes

    Command-line options for IPv4-only (named -4) and IPv6-only (named 
-6) modes are now respected for zone primaries, also-notify, and 
parental-agents. [GL #3472]

    An RPZ response’s SOA record TTL was set to 1 instead of the SOA 
TTL, if add-soa was used. This has been fixed. [GL #3323]

    When a query related to zone maintenance (NOTIFY, SOA) timed out 
close to a view shutdown (triggered e.g. by rndc reload), named could 
crash with an assertion failure. This has been fixed. [GL #4719]

    The statistics channel counters that indicated the number of 
currently connected TCP IPv4/IPv6 clients were not properly adjusted in 
certain failure scenarios. This has been fixed. [GL #4742]

    Some servers that could not be reached due to EHOSTDOWN or ENETDOWN 
conditions were incorrectly prioritized during server selection. These 
are now properly handled as unreachable. [GL #4736]

    On some systems the libuv call may return an error code when sending 
a TCP reset for a connection, which triggers an assertion failure in 
named. This error condition is now dealt with in a more graceful manner, 
by logging the incident and shutting down the connection. [GL #4708]
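
A pre-upgrade check for the two new limits described in the security fixes above, as an added example that is not part of the ticket or of BIND: it counts records per name and type, and types per name, against the default of 100. The input format (one record per line with the full owner name), the function names and the sample zone are assumptions constructed for illustration.

```python
from collections import defaultdict

# Defaults stated in the release notes above.
MAX_RECORDS_PER_TYPE = 100
MAX_TYPES_PER_NAME = 100
CLASSES = {"IN", "CH", "HS"}

def parse_records(text):
    """Yield (owner, rrtype) from 'name [ttl] [class] type rdata' lines.
    Assumption: one record per line, owner name present on every line."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip $ORIGIN / $TTL
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional numeric TTL and class fields.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper()

def audit(text, max_records=MAX_RECORDS_PER_TYPE, max_types=MAX_TYPES_PER_NAME):
    """Return (oversized RRsets, names carrying too many types).
    Simplification of this script: every type seen, RRSIG included, counts once."""
    rrsets, types = defaultdict(int), defaultdict(set)
    for owner, rrtype in parse_records(text):
        rrsets[(owner, rrtype)] += 1
        types[owner].add(rrtype)
    big = sorted((o, t, n) for (o, t), n in rrsets.items() if n > max_records)
    wide = sorted((o, len(s)) for o, s in types.items() if len(s) > max_types)
    return big, wide

def sample_zone():
    """Constructed sample: one RRset of 101 A records, one name with 101 types."""
    lines = ["example. 3600 IN SOA ns.example. admin.example. 1 7200 900 1209600 300"]
    lines += [f"big.example. 300 IN A 192.0.2.{i}" for i in range(1, 102)]
    lines += [f"wide.example. 300 IN TYPE{65280 + i} \\# 0" for i in range(101)]
    lines += ["www.example. 300 IN A 192.0.2.1 ; within both limits"]
    return "\n".join(lines)

if __name__ == "__main__":
    big, wide = audit(sample_zone())
    for owner, rrtype, n in big:
        print(f"{owner} {rrtype}: {n} records > max-records-per-type")
    for owner, n in wide:
        print(f"{owner}: {n} types > max-types-per-name")
```

Names it reports need either trimming or a raised max-records-per-type / max-types-per-name value before moving to this version.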

Change History (3)

comment:1 by Douglas R. Reno, 8 weeks ago

Priority: normal → elevated

comment:2 by Douglas R. Reno, 8 weeks ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:3 by Douglas R. Reno, 8 weeks ago

Resolution: fixed
Status: assigned → closed

Fixed at 909bfd0da1a3bcf89140f44760e190fca0aeb5cf

SA-12.1-080 issued
