First published: Wed Jun 21 2023
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-2828)

It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-2911)
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/bind9 (Ubuntu 23.04) | <1:9.18.12-1ubuntu1.1 | 1:9.18.12-1ubuntu1.1 |
ubuntu/bind9 (Ubuntu 22.10) | <1:9.18.12-0ubuntu0.22.10.2 | 1:9.18.12-0ubuntu0.22.10.2 |
ubuntu/bind9 (Ubuntu 22.04) | <1:9.18.12-0ubuntu0.22.04.2 | 1:9.18.12-0ubuntu0.22.04.2 |
ubuntu/bind9 (Ubuntu 20.04) | <1:9.16.1-0ubuntu2.15 | 1:9.16.1-0ubuntu2.15 |
The vulnerability IDs for the Bind vulnerabilities are CVE-2023-2828 and CVE-2023-2911.
The impact of the Bind vulnerabilities is a possible denial of service due to memory consumption.
The versions of Bind affected by the vulnerabilities are those earlier than 1:9.18.12-1ubuntu1.1 (Ubuntu 23.04), 1:9.18.12-0ubuntu0.22.10.2 (Ubuntu 22.10), 1:9.18.12-0ubuntu0.22.04.2 (Ubuntu 22.04), and 1:9.16.1-0ubuntu2.15 (Ubuntu 20.04).
To fix the Bind vulnerabilities, update to the following versions: 1:9.18.12-1ubuntu1.1, 1:9.18.12-0ubuntu0.22.10.2, 1:9.18.12-0ubuntu0.22.04.2, or 1:9.16.1-0ubuntu2.15.
You can find more information about the Bind vulnerabilities on the Ubuntu Security Notices website: https://ubuntu.com/security/CVE-2023-2911 and https://ubuntu.com/security/CVE-2023-2828.