ALINUX2-SA-2024:0033: bind security update (Important)

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2024-1737:
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

CVE-2024-1975:
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

aarch64
- bind-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-chroot-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-debuginfo-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-devel-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-export-devel-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-export-libs-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-libs-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-libs-lite-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-lite-devel-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-pkcs11-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-pkcs11-devel-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-pkcs11-libs-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-pkcs11-utils-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-sdb-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-sdb-chroot-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
- bind-utils-9.11.4-26.P2.7.al7.17.aarch64.rpm → (download)
i686
- bind-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-chroot-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-debuginfo-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-devel-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-export-devel-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-export-libs-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-libs-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-libs-lite-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-lite-devel-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-pkcs11-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-pkcs11-devel-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-pkcs11-libs-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-pkcs11-utils-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-sdb-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-sdb-chroot-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
- bind-utils-9.11.4-26.P2.7.al7.17.i686.rpm → (download)
src
- bind-9.11.4-26.P2.7.al7.17.src.rpm → (download)
x86_64
- bind-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-chroot-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-debuginfo-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-devel-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-export-devel-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-export-libs-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-libs-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-libs-lite-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-lite-devel-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-pkcs11-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-pkcs11-devel-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-pkcs11-libs-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-pkcs11-utils-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-sdb-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-sdb-chroot-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
- bind-utils-9.11.4-26.P2.7.al7.17.x86_64.rpm → (download)
noarch
- bind-license-9.11.4-26.P2.7.al7.17.noarch.rpm → (download)

Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0033

Summary

Severity

Description

References

Updated Packages