drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in bind
| Name: |
Denial of Service in bind |
|
| ID: |
SUSE-SU-2025:0337-1 |
|
| Distribution: |
SUSE |
|
| Plattformen: |
SUSE Linux Enterprise Micro 5.0, SUSE Linux Enterprise Micro 5.1, SUSE Linux Enterprise Micro 5.2, SUSE Linux Enterprise Micro 5.3, SUSE Linux Enterprise Micro 5.4, SUSE Manager Client Tools for SLE Micro 5, SUSE Linux Enterprise Micro 5.5 |
|
| Datum: |
Mo, 3. Februar 2025, 22:21 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2024-11187 |
|
| Applikationen: |
BIND |
|
Originalnachricht |
--===============0851017967054932503==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
# Security update for bind
Announcement ID: SUSE-SU-2025:0337-1
Release Date: 2025-02-03T15:10:35Z
Rating: important
References:
* bsc#1236596
Cross-References:
* CVE-2024-11187
CVSS scores:
* CVE-2024-11187 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-11187 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-11187 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Manager Client Tools for SLE Micro 5
An update that solves one vulnerability can now be installed.
## Description:
This update for bind fixes the following issues:
* CVE-2024-11187: Fixes CPU exhaustion caused by many records in the
additional section (bsc#1236596)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-337=1
## Package List:
* SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
* libirs1601-9.16.6-150000.12.80.1
* libbind9-1600-9.16.6-150000.12.80.1
* libisccc1600-9.16.6-150000.12.80.1
* libisc1606-9.16.6-150000.12.80.1
* bind-utils-9.16.6-150000.12.80.1
* libns1604-debuginfo-9.16.6-150000.12.80.1
* libns1604-9.16.6-150000.12.80.1
* libdns1605-9.16.6-150000.12.80.1
* libisccfg1600-9.16.6-150000.12.80.1
* SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32)
* libisccc1600-64bit-9.16.6-150000.12.80.1
* libisccfg1600-64bit-9.16.6-150000.12.80.1
* libbind9-1600-64bit-9.16.6-150000.12.80.1
* libisc1606-64bit-9.16.6-150000.12.80.1
* libdns1605-64bit-9.16.6-150000.12.80.1
* libirs1601-64bit-9.16.6-150000.12.80.1
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
* python3-bind-9.16.6-150000.12.80.1
## References:
* https://www.suse.com/security/cve/CVE-2024-11187.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236596
--===============0851017967054932503==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<div class="container">
<h1>Security update for bind</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:0337-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-03T15:10:35Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236596">bsc#1236596</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-11187.html">CVE-2024-11187</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-11187</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">8.7</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-11187</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-11187</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.0</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.1</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.2</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.3</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.4</li>
<li class="list-group-item">SUSE Linux
Enterprise Micro 5.5</li>
<li class="list-group-item">SUSE Manager
Client Tools for SLE Micro 5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability can now be
installed.</p>
<h2>Description:</h2>
<p>This update for bind fixes the following issues:</p>
<ul>
<li>CVE-2024-11187: Fixes CPU exhaustion caused by many records in the
additional section (bsc#1236596)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Manager Client Tools for SLE Micro 5
<br/>
<code>zypper in -t patch
SUSE-SLE-Manager-Tools-For-Micro-5-2025-337=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x
x86_64)
<ul>
<li>libirs1601-9.16.6-150000.12.80.1</li>
<li>libbind9-1600-9.16.6-150000.12.80.1</li>
<li>libisccc1600-9.16.6-150000.12.80.1</li>
<li>libisc1606-9.16.6-150000.12.80.1</li>
<li>bind-utils-9.16.6-150000.12.80.1</li>
<li>libns1604-debuginfo-9.16.6-150000.12.80.1</li>
<li>libns1604-9.16.6-150000.12.80.1</li>
<li>libdns1605-9.16.6-150000.12.80.1</li>
<li>libisccfg1600-9.16.6-150000.12.80.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32)
<ul>
<li>libisccc1600-64bit-9.16.6-150000.12.80.1</li>
<li>libisccfg1600-64bit-9.16.6-150000.12.80.1</li>
<li>libbind9-1600-64bit-9.16.6-150000.12.80.1</li>
<li>libisc1606-64bit-9.16.6-150000.12.80.1</li>
<li>libdns1605-64bit-9.16.6-150000.12.80.1</li>
<li>libirs1601-64bit-9.16.6-150000.12.80.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE Micro 5 (noarch)
<ul>
<li>python3-bind-9.16.6-150000.12.80.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-11187.html">https://www.suse.com/security/cve/CVE-2024-11187.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236596">https://bugzilla.suse.com/show_bug.cgi?id=1236596</a>
</li>
</ul>
</div>
--===============0851017967054932503==--
|
|
|
|
