Download
| Alert*
oval:org.secpod.oval:def:127283
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly. oval:org.secpod.oval:def:708768 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:98708 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:127282 BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly. oval:org.secpod.oval:def:1507392 [2.85-14.1] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638 oval:org.secpod.oval:def:509045 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources For more details about the security issue, including the i ... oval:org.secpod.oval:def:1507391 [2.79-31.2] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25628 - Resolves: RHEL-25666 [2.79-31.1] - Do not crash on invalid domain in --synth-domain option [2.79-31] - Do not create and search --local and --address=/x/# domains [2.79-30] - Make create logfile writeable by root [2.79-2 ... oval:org.secpod.oval:def:2501342 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. oval:org.secpod.oval:def:1702159 Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause a denial of service via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of D ... oval:org.secpod.oval:def:612983 Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC or NSEC3 hash validation path, resulting in denial of service. Details can be found at https://nlnetla ... oval:org.secpod.oval:def:3302356 Security update for pdns-recursor oval:org.secpod.oval:def:127244 PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. oval:org.secpod.oval:def:127245 PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. oval:org.secpod.oval:def:708755 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:509132 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources For more details about the security issue, in ... oval:org.secpod.oval:def:3302415 Security update for bind oval:org.secpod.oval:def:2600540 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. oval:org.secpod.oval:def:98719 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:1507361 [1.16.2-5.2] - bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator - bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources oval:org.secpod.oval:def:612990 It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server. oval:org.secpod.oval:def:1507362 [1.16.2-3.1] - Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks oval:org.secpod.oval:def:708791 unbound: validating, recursive, caching DNS resolver Several security issues were fixed in Unbound. oval:org.secpod.oval:def:98517 Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service. oval:org.secpod.oval:def:19500634 The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects bo ... oval:org.secpod.oval:def:509134 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources For more details about the security issue, in ... oval:org.secpod.oval:def:19500631 Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause a denial of service via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of D ... oval:org.secpod.oval:def:612996 node-ip is installed oval:org.secpod.oval:def:2501376 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. oval:org.secpod.oval:def:2501377 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. oval:org.secpod.oval:def:1702227 Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause a denial of service via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of D ... oval:org.secpod.oval:def:89051525 This update for bind fixes the following issues: Update to release 9.16.48: * CVE-2023-50387: Fixed a denial-of-service caused by DNS messages containing a lot of DNSSEC signatures . * CVE-2023-50868: Fixed a denial-of-service caused by NSEC3 closest encloser proof . * CVE-2023-4408: Fixed a denial- ... oval:org.secpod.oval:def:127298 Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-all ... oval:org.secpod.oval:def:89051528 This update for bind fixes the following issues: Update to release 9.16.48: Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load ... oval:org.secpod.oval:def:509184 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: bind9: Parsing large DNS messages may cause excessive CPU load bind9: Que ... oval:org.secpod.oval:def:509187 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources ... oval:org.secpod.oval:def:127187 This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. oval:org.secpod.oval:def:98727 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq. oval:org.secpod.oval:def:19500641 Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause a denial of service via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of D ... oval:org.secpod.oval:def:708780 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq. oval:org.secpod.oval:def:98521 Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC or NSEC3 hash validation path, resulting in denial of service. Details can be found at https://nlnetla ... oval:org.secpod.oval:def:97950 MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers oval:org.secpod.oval:def:98523 It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server. oval:org.secpod.oval:def:509103 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources For more details about the security issue, including the i ... oval:org.secpod.oval:def:4501541 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator * dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources For more details about the security issue ... oval:org.secpod.oval:def:1507457 bind [32:9.16.23-14.4] - Rebuild with correct z-stream tag again [32:9.16.23-14.3] - Rebuild together with bind-dyndb-ldap to adjust ABI changes [32:9.16.23-14.2] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-14.1] - Prevent increased CPU ... oval:org.secpod.oval:def:3302371 Security update for bind oval:org.secpod.oval:def:2600508 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. oval:org.secpod.oval:def:1702255 Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause a denial of service via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of D ... oval:org.secpod.oval:def:127189 Unbound is a validating, recursive, and caching DNS resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular comp ... oval:org.secpod.oval:def:127300 Unbound is a validating, recursive, and caching DNS resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular comp ... oval:org.secpod.oval:def:2600524 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. oval:org.secpod.oval:def:127191 Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-all ... oval:org.secpod.oval:def:509193 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. The Dynamic Host Configuration Protocol is a protocol that allows individual devices on ... oval:org.secpod.oval:def:98537 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq. oval:org.secpod.oval:def:98736 unbound: validating, recursive, caching DNS resolver Several security issues were fixed in Unbound. oval:org.secpod.oval:def:1507461 [32:9.16.23-0.16.2] - Prevent crashing at masterformat system test [32:9.16.23-0.16.1] - Prevent increased CPU load on large DNS messages - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones - Prevent assertion failure if DNS64 and serve-stale is used - Specific ... oval:org.secpod.oval:def:127190 BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly. oval:org.secpod.oval:def:2501353 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. oval:org.secpod.oval:def:1507465 bind [32:9.11.36-11.1] - Speed up parsing of DNS messages with many different names - Prevent increased CPU consumption in DNSSEC validator - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-49.1] - Rebuild because of bind ABI changes related to CVE-202 ... oval:org.secpod.oval:def:127313 This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. oval:org.secpod.oval:def:612979 Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service. oval:org.secpod.oval:def:1507504 bind [9.16.23-18.0.1] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-18.1] - Rebuild with correct z-stream tag again [32:9.16.23-18] - Prevent crashing at masterformat system test [32:9.16.23-17] - Import tests for large DNS messages fix - Add downstream change c ... oval:org.secpod.oval:def:127312 BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly. oval:org.secpod.oval:def:4501564 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. The Dynamic Host Configuration Protocol is a protocol that allows individual devices on ... oval:org.secpod.oval:def:2600600 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. oval:org.secpod.oval:def:509374 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. The Dynamic Host Configuration Protocol is a protocol that allows individual devices on ... oval:org.secpod.oval:def:98015 The host is missing a critical security update for KB5034767 oval:org.secpod.oval:def:98016 The host is missing a critical security update for KB5034768 oval:org.secpod.oval:def:98017 The host is missing a critical security update for KB5034769 oval:org.secpod.oval:def:98018 The host is missing a critical security update for KB5034770 oval:org.secpod.oval:def:98022 The host is missing a critical security update for KB5034819 oval:org.secpod.oval:def:98023 The host is missing a critical security update for KB5034830 oval:org.secpod.oval:def:98024 The host is missing a critical security update for KB5034831 oval:org.secpod.oval:def:98021 The host is missing a critical security update for KB5034809 |