Bugzilla – Bug 1219826
VUL-0: CVE-2023-50868: unbound, bind, pdns, dnsmasq: Denial Of Service while trying to validate specially crafted DNSSEC responses
Last modified: 2024-06-17 08:30:34 UTC
bind versions prior 9.11.37 look affected too. With this we have all unbound and bind versions affected: - SUSE:ALP:Source:Standard:1.0/bind - SUSE:SLE-11-SP2:Update/bind - SUSE:SLE-12-SP1:Update/bind - SUSE:SLE-12-SP4:Update/bind - SUSE:SLE-15-SP3:Update/bind - SUSE:SLE-15-SP4:Update/bind - SUSE:SLE-15-SP5:Update/bind - SUSE:SLE-15:Update/bind - SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update/bind - SUSE:ALP:Source:Standard:1.0/unbound - SUSE:SLE-15-SP1:Update/unbound - SUSE:SLE-15:Update/unbound
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
also bind published https://downloads.isc.org/isc/bind9/9.18.24/doc/arm/html/notes.html#security-fixes
This is an autogenerated message for OBS integration: This bug (1219826) was mentioned in https://build.opensuse.org/request/show/1146434 Factory / pdns-recursor https://build.opensuse.org/request/show/1146435 Backports:SLE-15-SP6 / pdns-recursor https://build.opensuse.org/request/show/1146439 Backports:SLE-15-SP5 / pdns-recursor
This is an autogenerated message for OBS integration: This bug (1219826) was mentioned in https://build.opensuse.org/request/show/1146454 Factory / bind
dnsmasq also affected: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
openSUSE-SU-2024:0048-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1209897,1219823,1219826 CVE References: CVE-2023-26437,CVE-2023-50387,CVE-2023-50868 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): pdns-recursor-4.8.6-bp155.2.3.1
All dnsmasq codestreams look affected too: - SUSE:ALP:Source:Standard:1.0 - SUSE:SLE-11-SP4:Update - SUSE:SLE-12-SP1:Update - SUSE:SLE-15-SP1:Update - SUSE:SLE-15-SP4:Update - SUSE:SLE-15:Update - openSUSE:Factory
SUSE-SU-2024:0574-1: An update that solves six vulnerabilities can now be installed. Category: security (important) Bug References: 1219823, 1219826, 1219851, 1219852, 1219853, 1219854 CVE References: CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 Sources used: openSUSE Leap 15.5 (src): bind-9.16.48-150500.8.16.1 Basesystem Module 15-SP5 (src): bind-9.16.48-150500.8.16.1 Server Applications Module 15-SP5 (src): bind-9.16.48-150500.8.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0590-1: An update that solves six vulnerabilities can now be installed. Category: security (important) Bug References: 1219823, 1219826, 1219851, 1219852, 1219853, 1219854 CVE References: CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 Sources used: openSUSE Leap 15.4 (src): bind-9.16.48-150400.5.40.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): bind-9.16.48-150400.5.40.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): bind-9.16.48-150400.5.40.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): bind-9.16.48-150400.5.40.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): bind-9.16.48-150400.5.40.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): bind-9.16.48-150400.5.40.1 SUSE Manager Proxy 4.3 (src): bind-9.16.48-150400.5.40.1 SUSE Manager Retail Branch Server 4.3 (src): bind-9.16.48-150400.5.40.1 SUSE Manager Server 4.3 (src): bind-9.16.48-150400.5.40.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
- SUSE:SLE-11-SP4:Update - SUSE:SLE-12-SP1:Update - SUSE:SLE-12-SP4:Update - SUSE:SLE-15-SP3:Update - SUSE:SLE-15:Update still needs submits.
Hello, I've a L3 ticket requesting for a PTF fix for this CVE, for bind from SLES11 SP3. Any estimates when we can get a patch for bind bind-9.9.6-P1?
This is an autogenerated message for OBS integration: This bug (1219826) was mentioned in https://build.opensuse.org/request/show/1177373 Backports:SLE-12-SP4 / pdns-recursor
SUSE-SU-2024:1894-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1219823, 1219826, 1219851 CVE References: CVE-2023-4408, CVE-2023-50387, CVE-2023-50868 Maintenance Incident: [SUSE:Maintenance:34020](https://smelt.suse.de/incident/34020/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): bind-9.11.22-3.52.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): bind-9.11.22-3.52.1 SUSE Linux Enterprise Server 12 SP5 (src): bind-9.11.22-3.52.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): bind-9.11.22-3.52.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1923-1: An update that solves five vulnerabilities and contains one feature can now be installed. Category: security (important) Bug References: 1202031, 1202033, 1203643, 1219823, 1219826 CVE References: CVE-2022-30698, CVE-2022-30699, CVE-2022-3204, CVE-2023-50387, CVE-2023-50868 Jira References: PED-8333 Maintenance Incident: [SUSE:Maintenance:34099](https://smelt.suse.de/incident/34099/) Sources used: openSUSE Leap 15.6 (src): unbound-1.20.0-150600.23.3.1, libunbound-devel-mini-1.20.0-150600.23.3.1 Basesystem Module 15-SP6 (src): unbound-1.20.0-150600.23.3.1 SUSE Package Hub 15 15-SP6 (src): unbound-1.20.0-150600.23.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1991-1: An update that solves five vulnerabilities and contains one feature can now be installed. Category: security (important) Bug References: 1202031, 1202033, 1203643, 1219823, 1219826 CVE References: CVE-2022-30698, CVE-2022-30699, CVE-2022-3204, CVE-2023-50387, CVE-2023-50868 Jira References: PED-8333 Maintenance Incident: [SUSE:Maintenance:34098](https://smelt.suse.de/incident/34098/) Sources used: SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): unbound-1.20.0-150100.10.13.1 SUSE Manager Proxy 4.3 (src): unbound-1.20.0-150100.10.13.1 SUSE Manager Retail Branch Server 4.3 (src): unbound-1.20.0-150100.10.13.1 SUSE Manager Server 4.3 (src): unbound-1.20.0-150100.10.13.1 SUSE Enterprise Storage 7.1 (src): unbound-1.20.0-150100.10.13.1 openSUSE Leap 15.5 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise Micro 5.5 (src): unbound-1.20.0-150100.10.13.1 Basesystem Module 15-SP5 (src): unbound-1.20.0-150100.10.13.1 SUSE Package Hub 15 15-SP5 (src): unbound-1.20.0-150100.10.13.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): unbound-1.20.0-150100.10.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1982-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1219823, 1219826, 1219851, 1219852, 1219854 CVE References: CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-6516 Maintenance Incident: [SUSE:Maintenance:34202](https://smelt.suse.de/incident/34202/) Sources used: SUSE Enterprise Storage 7.1 (src): bind-9.16.6-150300.22.44.1 openSUSE Leap 15.3 (src): bind-9.16.6-150300.22.44.1 Basesystem Module 15-SP6 (src): bind-9.16.6-150300.22.44.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): bind-9.16.6-150300.22.44.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): bind-9.16.6-150300.22.44.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): bind-9.16.6-150300.22.44.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2033-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1219823, 1219826, 1219851, 1219852, 1219854 CVE References: CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-6516 Maintenance Incident: [SUSE:Maintenance:34201](https://smelt.suse.de/incident/34201/) Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): libuv-1.18.0-150000.3.2.1, bind-9.16.6-150000.12.74.2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): libuv-1.18.0-150000.3.2.1, bind-9.16.6-150000.12.74.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): libuv-1.18.0-150000.3.2.1, bind-9.16.6-150000.12.74.2 SUSE Manager Client Tools for SLE Micro 5 (src): libuv-1.18.0-150000.3.2.1, bind-9.16.6-150000.12.74.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.