Debian Security Advisory
DSA-5439-1 bind9 -- security update
- Date Reported:
- 25 Jun 2023
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2023-2828, CVE-2023-2911.
- More information:
Several vulnerabilities were discovered in BIND, a DNS server implementation.
Shoham Danino, Anat Bremler-Barr, Yehuda Afek and Yuval Shavitt discovered that a flaw in the cache-cleaning algorithm used in named can cause that named's configured cache size limit can be significantly exceeded, potentially resulting in denial of service.
It was discovered that a flaw in the handling of recursive-clients quota may result in denial of service (named daemon crash).
For the oldstable distribution (bullseye), these problems have been fixed in version 1:9.16.42-1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 1:9.18.16-1~deb12u1.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9