Format: 1.8
Date: Tue, 23 Jul 2024 15:15:18 +0200
Source: bind9
Architecture: source
Version: 1:9.16.50-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Changes:
 bind9 (1:9.16.50-1~deb11u1) bullseye-security; urgency=high
 .
   * Backported from BIND 9.18.28
     + CVE-2024-1737: It is possible to craft excessively large resource
       records sets, which have the effect of slowing down database
       processing. This has been addressed by adding a fixed limit to the
       number of records that can be stored per name and type in a cache
       or zone database.
     + CVE-2024-1737: It is possible to craft excessively large numbers of
       resource record types for a given owner name, which has the effect
       of slowing down database processing. This has been addressed by
       adding a fixed limit to the number of records that can be stored
       per name and type in a cache or zone database.
     + CVE-2024-1975: Validating DNS messages signed using the SIG(0)
       protocol could cause excessive CPU load, leading to a
       denial-of-service condition. Support for SIG(0) message validation
       was removed from this version.
     + CVE-2024-4076: Due to a logic error, lookups that triggered serving
       stale data and required lookups in local authoritative zone data
       could have resulted in an assertion failure.