An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1689 Final 1.0 1.0 2023-09-28 Initial 2023-09-28 2023-09-28 openEuler SA Tool V1.0 2023-09-28 bind security update An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fix(es): The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.(CVE-2023-3341) An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High bind https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1689 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3341 https://nvd.nist.gov/vuln/detail/CVE-2023-3341 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 bind-debugsource-9.11.21-18.oe1.aarch64.rpm bind-export-devel-9.11.21-18.oe1.aarch64.rpm bind-libs-9.11.21-18.oe1.aarch64.rpm bind-utils-9.11.21-18.oe1.aarch64.rpm bind-pkcs11-9.11.21-18.oe1.aarch64.rpm bind-export-libs-9.11.21-18.oe1.aarch64.rpm bind-devel-9.11.21-18.oe1.aarch64.rpm bind-chroot-9.11.21-18.oe1.aarch64.rpm bind-debuginfo-9.11.21-18.oe1.aarch64.rpm bind-pkcs11-devel-9.11.21-18.oe1.aarch64.rpm bind-9.11.21-18.oe1.aarch64.rpm bind-libs-lite-9.11.21-18.oe1.aarch64.rpm bind-pkcs11-devel-9.11.21-18.oe1.aarch64.rpm bind-pkcs11-9.11.21-18.oe1.aarch64.rpm bind-9.11.21-18.oe1.aarch64.rpm bind-libs-9.11.21-18.oe1.aarch64.rpm bind-export-devel-9.11.21-18.oe1.aarch64.rpm bind-debuginfo-9.11.21-18.oe1.aarch64.rpm bind-libs-lite-9.11.21-18.oe1.aarch64.rpm bind-utils-9.11.21-18.oe1.aarch64.rpm bind-devel-9.11.21-18.oe1.aarch64.rpm bind-export-libs-9.11.21-18.oe1.aarch64.rpm bind-chroot-9.11.21-18.oe1.aarch64.rpm bind-debugsource-9.11.21-18.oe1.aarch64.rpm bind-debugsource-9.16.23-20.oe2203.aarch64.rpm bind-pkcs11-utils-9.16.23-20.oe2203.aarch64.rpm bind-debuginfo-9.16.23-20.oe2203.aarch64.rpm bind-utils-9.16.23-20.oe2203.aarch64.rpm bind-9.16.23-20.oe2203.aarch64.rpm bind-devel-9.16.23-20.oe2203.aarch64.rpm bind-pkcs11-devel-9.16.23-20.oe2203.aarch64.rpm bind-dnssec-utils-9.16.23-20.oe2203.aarch64.rpm bind-chroot-9.16.23-20.oe2203.aarch64.rpm bind-pkcs11-libs-9.16.23-20.oe2203.aarch64.rpm bind-pkcs11-9.16.23-20.oe2203.aarch64.rpm bind-libs-9.16.23-20.oe2203.aarch64.rpm bind-pkcs11-libs-9.16.23-20.oe2203sp1.aarch64.rpm bind-devel-9.16.23-20.oe2203sp1.aarch64.rpm bind-chroot-9.16.23-20.oe2203sp1.aarch64.rpm bind-dnssec-utils-9.16.23-20.oe2203sp1.aarch64.rpm bind-debuginfo-9.16.23-20.oe2203sp1.aarch64.rpm bind-libs-9.16.23-20.oe2203sp1.aarch64.rpm bind-pkcs11-utils-9.16.23-20.oe2203sp1.aarch64.rpm bind-9.16.23-20.oe2203sp1.aarch64.rpm bind-utils-9.16.23-20.oe2203sp1.aarch64.rpm bind-pkcs11-devel-9.16.23-20.oe2203sp1.aarch64.rpm bind-debugsource-9.16.23-20.oe2203sp1.aarch64.rpm bind-pkcs11-9.16.23-20.oe2203sp1.aarch64.rpm bind-9.16.23-20.oe2203sp2.aarch64.rpm bind-dnssec-utils-9.16.23-20.oe2203sp2.aarch64.rpm bind-debuginfo-9.16.23-20.oe2203sp2.aarch64.rpm bind-debugsource-9.16.23-20.oe2203sp2.aarch64.rpm bind-pkcs11-utils-9.16.23-20.oe2203sp2.aarch64.rpm bind-utils-9.16.23-20.oe2203sp2.aarch64.rpm bind-pkcs11-libs-9.16.23-20.oe2203sp2.aarch64.rpm bind-chroot-9.16.23-20.oe2203sp2.aarch64.rpm bind-libs-9.16.23-20.oe2203sp2.aarch64.rpm bind-pkcs11-devel-9.16.23-20.oe2203sp2.aarch64.rpm bind-devel-9.16.23-20.oe2203sp2.aarch64.rpm bind-pkcs11-9.16.23-20.oe2203sp2.aarch64.rpm python3-bind-9.11.21-18.oe1.noarch.rpm python3-bind-9.11.21-18.oe1.noarch.rpm bind-dnssec-doc-9.16.23-20.oe2203.noarch.rpm bind-license-9.16.23-20.oe2203.noarch.rpm python3-bind-9.16.23-20.oe2203.noarch.rpm bind-dnssec-doc-9.16.23-20.oe2203sp1.noarch.rpm bind-license-9.16.23-20.oe2203sp1.noarch.rpm python3-bind-9.16.23-20.oe2203sp1.noarch.rpm bind-dnssec-doc-9.16.23-20.oe2203sp2.noarch.rpm python3-bind-9.16.23-20.oe2203sp2.noarch.rpm bind-license-9.16.23-20.oe2203sp2.noarch.rpm bind-9.11.21-18.oe1.src.rpm bind-9.11.21-18.oe1.src.rpm bind-9.16.23-20.oe2203.src.rpm bind-9.16.23-20.oe2203sp1.src.rpm bind-9.16.23-20.oe2203sp2.src.rpm bind-pkcs11-devel-9.11.21-18.oe1.x86_64.rpm bind-libs-lite-9.11.21-18.oe1.x86_64.rpm bind-debugsource-9.11.21-18.oe1.x86_64.rpm bind-chroot-9.11.21-18.oe1.x86_64.rpm bind-utils-9.11.21-18.oe1.x86_64.rpm bind-libs-9.11.21-18.oe1.x86_64.rpm bind-debuginfo-9.11.21-18.oe1.x86_64.rpm bind-devel-9.11.21-18.oe1.x86_64.rpm bind-9.11.21-18.oe1.x86_64.rpm bind-export-libs-9.11.21-18.oe1.x86_64.rpm bind-pkcs11-9.11.21-18.oe1.x86_64.rpm bind-export-devel-9.11.21-18.oe1.x86_64.rpm bind-chroot-9.11.21-18.oe1.x86_64.rpm bind-debuginfo-9.11.21-18.oe1.x86_64.rpm bind-pkcs11-devel-9.11.21-18.oe1.x86_64.rpm bind-devel-9.11.21-18.oe1.x86_64.rpm bind-export-libs-9.11.21-18.oe1.x86_64.rpm bind-pkcs11-9.11.21-18.oe1.x86_64.rpm bind-9.11.21-18.oe1.x86_64.rpm bind-debugsource-9.11.21-18.oe1.x86_64.rpm bind-export-devel-9.11.21-18.oe1.x86_64.rpm bind-utils-9.11.21-18.oe1.x86_64.rpm bind-libs-9.11.21-18.oe1.x86_64.rpm bind-libs-lite-9.11.21-18.oe1.x86_64.rpm bind-pkcs11-utils-9.16.23-20.oe2203.x86_64.rpm bind-libs-9.16.23-20.oe2203.x86_64.rpm bind-pkcs11-9.16.23-20.oe2203.x86_64.rpm bind-dnssec-utils-9.16.23-20.oe2203.x86_64.rpm bind-devel-9.16.23-20.oe2203.x86_64.rpm bind-pkcs11-devel-9.16.23-20.oe2203.x86_64.rpm bind-chroot-9.16.23-20.oe2203.x86_64.rpm bind-9.16.23-20.oe2203.x86_64.rpm bind-debugsource-9.16.23-20.oe2203.x86_64.rpm bind-debuginfo-9.16.23-20.oe2203.x86_64.rpm bind-pkcs11-libs-9.16.23-20.oe2203.x86_64.rpm bind-utils-9.16.23-20.oe2203.x86_64.rpm bind-9.16.23-20.oe2203sp1.x86_64.rpm bind-utils-9.16.23-20.oe2203sp1.x86_64.rpm bind-libs-9.16.23-20.oe2203sp1.x86_64.rpm bind-debugsource-9.16.23-20.oe2203sp1.x86_64.rpm bind-dnssec-utils-9.16.23-20.oe2203sp1.x86_64.rpm bind-devel-9.16.23-20.oe2203sp1.x86_64.rpm bind-pkcs11-9.16.23-20.oe2203sp1.x86_64.rpm bind-pkcs11-devel-9.16.23-20.oe2203sp1.x86_64.rpm bind-pkcs11-libs-9.16.23-20.oe2203sp1.x86_64.rpm bind-pkcs11-utils-9.16.23-20.oe2203sp1.x86_64.rpm bind-debuginfo-9.16.23-20.oe2203sp1.x86_64.rpm bind-chroot-9.16.23-20.oe2203sp1.x86_64.rpm bind-pkcs11-libs-9.16.23-20.oe2203sp2.x86_64.rpm bind-utils-9.16.23-20.oe2203sp2.x86_64.rpm bind-devel-9.16.23-20.oe2203sp2.x86_64.rpm bind-dnssec-utils-9.16.23-20.oe2203sp2.x86_64.rpm bind-pkcs11-utils-9.16.23-20.oe2203sp2.x86_64.rpm bind-debugsource-9.16.23-20.oe2203sp2.x86_64.rpm bind-pkcs11-devel-9.16.23-20.oe2203sp2.x86_64.rpm bind-chroot-9.16.23-20.oe2203sp2.x86_64.rpm bind-libs-9.16.23-20.oe2203sp2.x86_64.rpm bind-pkcs11-9.16.23-20.oe2203sp2.x86_64.rpm bind-9.16.23-20.oe2203sp2.x86_64.rpm bind-debuginfo-9.16.23-20.oe2203sp2.x86_64.rpm The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel s configured TCP port is necessary.This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. 2023-09-28 CVE-2023-3341 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H bind security update 2023-09-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1689