Bugzilla – Bug 1207471
VUL-0: CVE-2022-3094: bind: An UPDATE message flood may cause named to exhaust all available memory
Last modified: 2024-05-03 09:58:26 UTC
This is an autogenerated message for OBS integration: This bug (1207471) was mentioned in https://build.opensuse.org/request/show/1060984 Factory / bind
We should consider every version affected, even tough the impact for < v9.11 is lowered: - SUSE:SLE-11-SP2:Update - SUSE:SLE-12-SP1:Update - SUSE:SLE-12-SP4:Update - SUSE:SLE-15-SP3:Update - SUSE:SLE-15-SP4:Update - SUSE:SLE-15:Update
(In reply to Thomas Leroy from comment #6) > We should consider every version affected, even tough the impact for < v9.11 > is lowered: > - SUSE:SLE-11-SP2:Update > - SUSE:SLE-12-SP1:Update > - SUSE:SLE-12-SP4:Update > - SUSE:SLE-15-SP3:Update > - SUSE:SLE-15-SP4:Update > - SUSE:SLE-15:Update Okay I'll have a look at the older versions. I'm working on the patch backport for 15SP3 and should have that ready soon.
After having a look at the older codestreams I tend to agree with the ISCs assessment that it isn't worth patching versions before 9.16. All other affected codestreams have been patched, so closing.
SUSE-SU-2023:0341-1: An update that fixes three vulnerabilities, contains one feature is now available. Category: security (important) Bug References: 1207471,1207473,1207475 CVE References: CVE-2022-3094,CVE-2022-3736,CVE-2022-3924 JIRA References: SLE-24600 Sources used: openSUSE Leap 15.4 (src): bind-9.16.37-150400.5.17.1 SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): bind-9.16.37-150400.5.17.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): bind-9.16.37-150400.5.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0427-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1207471 CVE References: CVE-2022-3094 JIRA References: Sources used: openSUSE Leap 15.4 (src): bind-9.16.6-150300.22.27.1 SUSE Manager Server 4.2 (src): bind-9.16.6-150300.22.27.1 SUSE Manager Retail Branch Server 4.2 (src): bind-9.16.6-150300.22.27.1 SUSE Manager Proxy 4.2 (src): bind-9.16.6-150300.22.27.1 SUSE Linux Enterprise Server for SAP 15-SP3 (src): bind-9.16.6-150300.22.27.1 SUSE Linux Enterprise Server 15-SP3-LTSS (src): bind-9.16.6-150300.22.27.1 SUSE Linux Enterprise Realtime Extension 15-SP3 (src): bind-9.16.6-150300.22.27.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): bind-9.16.6-150300.22.27.1 SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src): bind-9.16.6-150300.22.27.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src): bind-9.16.6-150300.22.27.1 SUSE Enterprise Storage 7.1 (src): bind-9.16.6-150300.22.27.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing