Bug 1215471 (CVE-2023-4236)

Summary: VUL-0: CVE-2023-4236: bind: named may terminate unexpectedly under high DNS-over-TLS query load
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: abergmann, meissner, rfrohl
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/379121/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-4236:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 4 Marcus Meissner 2023-09-20 12:49:54 UTC 
is public

On 20 September 2023 we (Internet Systems Consortium) disclosed two vulnerabilities affecting our BIND 9 software:


- CVE-2023-4236:        named may terminate unexpectedly under high DNS-over-TLS query load https://kb.isc.org/docs/cve-2023-4236

New versions of BIND 9 are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each published release directory:

- https://downloads.isc.org/isc/bind9/9.16.44/patches/
- https://downloads.isc.org/isc/bind9/9.18.19/patches/
- https://downloads.isc.org/isc/bind9/9.19.17/patches/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.

-- 
Best regards,
Michał Kępień
Comment 5 OBSbugzilla Bot 2023-09-20 14:05:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1215471) was mentioned in
https://build.opensuse.org/request/show/1112571 Factory / bind
Comment 7 Jorik Cronenberg 2023-10-04 09:22:16 UTC 
Submissions for all affected codestreams are accepted.
Comment 8 Robert Frohl 2024-06-05 13:50:30 UTC 
done, closing