Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2024-02-15 20:58:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Thu Feb 15 20:58:46 2024 rev:205 rq:1146454 version:9.18.24 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2024-01-05 21:40:04.247334736 +0100 +++ /work/SRC/openSUSE:Factory/.bind.new.1815/bind.changes 2024-02-15 20:58:53.372765593 +0100 @@ -1,0 +2,40 @@ +Tue Feb 13 15:15:21 UTC 2024 - Jorik Cronenberg <[email protected]> + +- Update to release 9.18.24 + Security Fixes: + * Validating DNS messages containing a lot of DNSSEC signatures + could cause excessive CPU load, leading to a denial-of-service + condition. This has been fixed. (CVE-2023-50387) + [bsc#1219823] + * Preparing an NSEC3 closest encloser proof could cause excessiv + CPU load, leading to a denial-of-service condition. This has + been fixed. (CVE-2023-50868) + [bsc#1219826] + * Parsing DNS messages with many different names could cause + excessive CPU load. This has been fixed. (CVE-2023-4408) + [bsc#1219851] + * Specific queries could cause named to crash with an assertion + failure when nxdomain-redirect was enabled. This has been + fixed. (CVE-2023-5517) + [bsc#1219852] + * A bad interaction between DNS64 and serve-stale could cause + named to crash with an assertion failure, when both of these + features were enabled. This has been fixed. (CVE-2023-5679) + [bsc#1219853] + * Query patterns that continuously triggered cache database + maintenance could cause an excessive amount of memory to be + allocated, exceeding max-cache-size and potentially leading to + all available memory on the host running named being exhausted + This has been fixed. (CVE-2023-6516) + [bsc#1219854] + * Under certain circumstances, the DNS-over-TLS client code + incorrectly attempted to process more than one DNS message at a + time, which could cause named to crash with an assertion + failure. This has been fixed. + + Bug Fixes: + * The counters exported via the statistics channel were changed + back to 64-bit signed values; they were being inadvertently + truncated to unsigned 32-bit values since BIND 9.15.0. + +------------------------------------------------------------------- Old: ---- bind-9.18.21.tar.xz bind-9.18.21.tar.xz.asc New: ---- bind-9.18.24.tar.xz bind-9.18.24.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.YgGvl2/_old 2024-02-15 20:58:54.064790584 +0100 +++ /var/tmp/diff_new_pack.YgGvl2/_new 2024-02-15 20:58:54.064790584 +0100 @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.18.21 +Version: 9.18.24 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 ++++++ bind-9.18.21.tar.xz -> bind-9.18.24.tar.xz ++++++ ++++ 4798 lines of diff (skipped)
