-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Feb 2024 17:28:03 +0100 Source: bind9 Architecture: source Version: 1:9.18.24-1 Distribution: bookworm-security Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: bind9 (1:9.18.24-1) bookworm-security; urgency=high . * New upstream version 9.18.24 - CVE-2023-4408: Parsing large DNS messages may cause excessive CPU load - CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled - CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution - CVE-2023-6516: Specific recursive query patterns may lead to an out-of-memory condition - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources Checksums-Sha1: 578c72a7a38a5477963b101d9a2aa2070e0cc333 3049 bind9_9.18.24-1.dsc e5bfeb64e3d118c5b4e21ae615f2b9c3ea5339ff 5515528 bind9_9.18.24.orig.tar.xz 2e43512483a99d9016ed856d99ea3cc0248e800b 60800 bind9_9.18.24-1.debian.tar.xz bdb61ec3fa2bfc7b29b00912f1445ba07022baae 15031 bind9_9.18.24-1_amd64.buildinfo Checksums-Sha256: 3e76d81e821e6c300f442b80918bff87bdf89851789ab621a8dbfe6d19f4f717 3049 bind9_9.18.24-1.dsc 709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66 5515528 bind9_9.18.24.orig.tar.xz 88d8b6b54bcb9302e70a8891c2fede7529f9ef3f61920952af9c79778c5c8f19 60800 bind9_9.18.24-1.debian.tar.xz 8c8c9d559b0bb25f34876e396ebf0067949a09e40a5b7e2e463d6a8c6431f28e 15031 bind9_9.18.24-1_amd64.buildinfo Files: cd6ae3fcc0d5657b3d8f85f554af3878 3049 net optional bind9_9.18.24-1.dsc c791cb32069dbfb6d555ee682309ab09 5515528 net optional bind9_9.18.24.orig.tar.xz ad347f2e87b072168d28faeb2d6d7dad 60800 net optional bind9_9.18.24-1.debian.tar.xz e59713037cdbfd6b6c9a0e19db5b51b2 15031 net optional bind9_9.18.24-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmXKTHhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcKxMQ//V0PIilcZu2U82rT1g3bdlskFzejMuio58F5kGv/uQeMr19Bo5K5K5bMf zuwH0Iws0pe/LvVJ/NCmp9YbRjAW3fPDJ3LV+Dt7JGE9OKoyBTOgogd4CizysXwG SyH7ArwiVybP54UgZu/4VUIemjuP4QDSj2Awc4yf/7Th6CoEbHFkiUOKjIQGgPs7 lqkrYFc7MqunSilj4CzCeGVkIf7nmsx6hw4PQ73ioKbkMZP6Y7+DAifeHOzz2N3N q5WKpJa7HPMrXHczSz4FOPYWcDKorwpBRU6+PnU0sa9TpeHioEfUfChMOknuPAUh APgsXo0D8Mwrv+ytuERKOzgJWG7Z7T+Ec8UVIgMTHvYZu+TrV2n+CKUGtYOxepXi hLJZDqAmH20NwDYaljF5DpkxC4c9nfsGanAag5l3TIxY/7fkq4pITMis033mvfmM OImvhVE13+KCn/EtV0IzCfE43lKeGR5PzEYQjb5PkLDtqfe9xN+oMgPHPHWS3P0Z vgX7cDSvuVdNuvjCVBxz7FiBMzj1JQqplr5xGZRKfUVCpopf950pJWrIxIAckI6d 4d40qPogifCjdaUzmfCFihi5Ue2pMVgWtcyMs5lJpZyY3H6dKhyAkaStvO/TO+Lr gz9jEc8gSxPXD0WQx0Idi7tO35ZBz89uiJ3DoNfst6G4/sm2UJ8= =Xgos -----END PGP SIGNATURE-----