SUSE update for bind
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-1737 CVE-2024-1975 |
| CWE-ID | CWE-399 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Manager Client Tools for SLE Micro Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system bind-doc Operating systems & Components / Operating system package or component bind Operating systems & Components / Operating system package or component libisccc1600-debuginfo Operating systems & Components / Operating system package or component libbind9-1600-debuginfo Operating systems & Components / Operating system package or component bind-devel Operating systems & Components / Operating system package or component libisc1606-debuginfo Operating systems & Components / Operating system package or component bind-chrootenv Operating systems & Components / Operating system package or component bind-debugsource Operating systems & Components / Operating system package or component bind-debuginfo Operating systems & Components / Operating system package or component libirs1601-debuginfo Operating systems & Components / Operating system package or component libisccfg1600-debuginfo Operating systems & Components / Operating system package or component libdns1605-debuginfo Operating systems & Components / Operating system package or component bind-utils-debuginfo Operating systems & Components / Operating system package or component libirs-devel Operating systems & Components / Operating system package or component python3-bind Operating systems & Components / Operating system package or component libisc1606-64bit Operating systems & Components / Operating system package or component libisccc1600-64bit Operating systems & Components / Operating system package or component libbind9-1600-64bit Operating systems & Components / Operating system package or component libirs1601-64bit Operating systems & Components / Operating system package or component libisccfg1600-64bit Operating systems & Components / Operating system package or component libdns1605-64bit Operating systems & Components / Operating system package or component libisc1606 Operating systems & Components / Operating system package or component libbind9-1600 Operating systems & Components / Operating system package or component libns1604-debuginfo Operating systems & Components / Operating system package or component libirs1601 Operating systems & Components / Operating system package or component libisccfg1600 Operating systems & Components / Operating system package or component libisccc1600 Operating systems & Components / Operating system package or component libns1604 Operating systems & Components / Operating system package or component libdns1605 Operating systems & Components / Operating system package or component bind-utils Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU94710
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1737
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
MitigationUpdate the affected package bind to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Manager Client Tools for SLE Micro: 5
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
bind-doc: before 9.16.6-150000.12.77.1
bind: before 9.16.6-150000.12.77.1
libisccc1600-debuginfo: before 9.16.6-150000.12.77.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.77.1
bind-devel: before 9.16.6-150000.12.77.1
libisc1606-debuginfo: before 9.16.6-150000.12.77.1
bind-chrootenv: before 9.16.6-150000.12.77.1
bind-debugsource: before 9.16.6-150000.12.77.1
bind-debuginfo: before 9.16.6-150000.12.77.1
libirs1601-debuginfo: before 9.16.6-150000.12.77.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.77.1
libdns1605-debuginfo: before 9.16.6-150000.12.77.1
bind-utils-debuginfo: before 9.16.6-150000.12.77.1
libirs-devel: before 9.16.6-150000.12.77.1
python3-bind: before 9.16.6-150000.12.77.1
libisc1606-64bit: before 9.16.6-150000.12.77.1
libisccc1600-64bit: before 9.16.6-150000.12.77.1
libbind9-1600-64bit: before 9.16.6-150000.12.77.1
libirs1601-64bit: before 9.16.6-150000.12.77.1
libisccfg1600-64bit: before 9.16.6-150000.12.77.1
libdns1605-64bit: before 9.16.6-150000.12.77.1
libisc1606: before 9.16.6-150000.12.77.1
libbind9-1600: before 9.16.6-150000.12.77.1
libns1604-debuginfo: before 9.16.6-150000.12.77.1
libirs1601: before 9.16.6-150000.12.77.1
libisccfg1600: before 9.16.6-150000.12.77.1
libisccc1600: before 9.16.6-150000.12.77.1
libns1604: before 9.16.6-150000.12.77.1
libdns1605: before 9.16.6-150000.12.77.1
bind-utils: before 9.16.6-150000.12.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_client_tools_for_sle_micro:5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp2_ltss:15-SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp2_ltss:15-SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:bind-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccc1600-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbind9-1600-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisc1606-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-chrootenv:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs1601-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccfg1600-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libdns1605-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-utils-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-bind:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisc1606-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccc1600-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbind9-1600-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs1601-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccfg1600-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libdns1605-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisc1606:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbind9-1600:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libns1604-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs1601:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccfg1600:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccc1600:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libns1604:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libdns1605:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-utils:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20242811-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU94711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1975
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
MitigationUpdate the affected package bind to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Manager Client Tools for SLE Micro: 5
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
bind-doc: before 9.16.6-150000.12.77.1
bind: before 9.16.6-150000.12.77.1
libisccc1600-debuginfo: before 9.16.6-150000.12.77.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.77.1
bind-devel: before 9.16.6-150000.12.77.1
libisc1606-debuginfo: before 9.16.6-150000.12.77.1
bind-chrootenv: before 9.16.6-150000.12.77.1
bind-debugsource: before 9.16.6-150000.12.77.1
bind-debuginfo: before 9.16.6-150000.12.77.1
libirs1601-debuginfo: before 9.16.6-150000.12.77.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.77.1
libdns1605-debuginfo: before 9.16.6-150000.12.77.1
bind-utils-debuginfo: before 9.16.6-150000.12.77.1
libirs-devel: before 9.16.6-150000.12.77.1
python3-bind: before 9.16.6-150000.12.77.1
libisc1606-64bit: before 9.16.6-150000.12.77.1
libisccc1600-64bit: before 9.16.6-150000.12.77.1
libbind9-1600-64bit: before 9.16.6-150000.12.77.1
libirs1601-64bit: before 9.16.6-150000.12.77.1
libisccfg1600-64bit: before 9.16.6-150000.12.77.1
libdns1605-64bit: before 9.16.6-150000.12.77.1
libisc1606: before 9.16.6-150000.12.77.1
libbind9-1600: before 9.16.6-150000.12.77.1
libns1604-debuginfo: before 9.16.6-150000.12.77.1
libirs1601: before 9.16.6-150000.12.77.1
libisccfg1600: before 9.16.6-150000.12.77.1
libisccc1600: before 9.16.6-150000.12.77.1
libns1604: before 9.16.6-150000.12.77.1
libdns1605: before 9.16.6-150000.12.77.1
bind-utils: before 9.16.6-150000.12.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_client_tools_for_sle_micro:5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp2_ltss:15-SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp2_ltss:15-SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:bind-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccc1600-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbind9-1600-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisc1606-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-chrootenv:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs1601-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccfg1600-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libdns1605-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-utils-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-bind:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisc1606-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccc1600-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbind9-1600-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs1601-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccfg1600-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libdns1605-64bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisc1606:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbind9-1600:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libns1604-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libirs1601:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccfg1600:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libisccc1600:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libns1604:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libdns1605:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:bind-utils:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20242811-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
