USN-6723-1: Bind vulnerabilities

Operations Manager

2 more products

24704

22 August 2024

22 August 2024

CLOSED

MEDIUM

CVE-2023-50387;CVE-2023-50868

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 18.04

Description

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868) Update Instructions: Run `sudo pro fix USN-6723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 bind9-doc - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 bind9-host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 bind9utils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 dnsutils - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 host - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libbind-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libbind-export-dev - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libbind9-140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libdns-export162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libdns162 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libirs-export141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libirs141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisc-export160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisc160 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccc-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccc-export140-udeb - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccc140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccfg-export140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 libisccfg140 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 liblwres141 - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 lwresd - 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

  • Cflinuxfs3
    • 0.388.0 or greater
  • Operations Manager Image
    • 2.10.74 or greater
  • Tanzu Greenplum for Kubernetes
    • 2.0.0 or greater
  • Xenial Stemcells
    • 621.944 or greater
  • Cf Deployment
    • 30.0.0 or greater
  • Operations Manager
    • 2.10.74 or greater

References

https://ubuntu.com/security/notices/USN-6723-1

https://www.cloudfoundry.org/blog/usn-6723-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6723-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24704

History

2024-04-09: Initial vulnerability report published.