USN-6633-1: Bind vulnerabilities

Isolation Segment

5 more products

24844

25 July 2024

25 July 2024

CLOSED

MEDIUM

CVE-2023-4408;CVE-2023-50387;CVE-2023-50868;CVE-2023-5517;CVE-2023-5679

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 22.04

Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-4408) Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868) It was discovered that Bind incorrectly handled reverse zone queries when nxdomain-redirect is enabled. A remote attacker could possibly use this issue to cause Bind to crash, leading to a denial of service. (CVE-2023-5517) It was discovered that Bind incorrectly handled recursive resolution when both DNS64 and serve-stable were enabled. A remote attacker could possibly use this issue to cause Bind to crash, leading to a denial of service. (CVE-2023-5679) Update Instructions: Run `sudo pro fix USN-6633-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.18.18-0ubuntu0.22.04.2 bind9-libs - 1:9.18.18-0ubuntu0.22.04.2 bind9utils - 1:9.18.18-0ubuntu0.22.04.2 bind9-dev - 1:9.18.18-0ubuntu0.22.04.2 bind9-doc - 1:9.18.18-0ubuntu0.22.04.2 bind9-utils - 1:9.18.18-0ubuntu0.22.04.2 bind9 - 1:9.18.18-0ubuntu0.22.04.2 bind9-dnsutils - 1:9.18.18-0ubuntu0.22.04.2 bind9-host - 1:9.18.18-0ubuntu0.22.04.2 No subscription required.

Fixed and Unaffected VMware Products and Versions

  • Cflinixfs4
    • 1.72.0 or greater
  • Jammy Stemcells
    • 1.379 or greater
  • CF Deployment
    • All unaffected
  • Tanzu Greenplum for Kubernetes
    • 2.0.0 or greater
  • Isolation Segment
    • 4.0.18+LTS-T or greater
    • 5.0.8 or greater
    • 6.0.x unaffected
  • Operations Manager
    • 3.0.25+LTS-T or greater
  • MySQL for VMware Tanzu
    • 3.3.x unaffected
  • VMware Tanzu Applications Service for VMs
    • 4.0.18+LTS-T or greater
    • 5.0.8 or greater
    • 6.0.x unaffected

References

https://ubuntu.com/security/notices/USN-6633-1

https://www.cloudfoundry.org/blog/usn-6633-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6633-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24844

History

2024-02-13: Initial vulnerability report published.