Accepting request 1146454 from network

- Update to release 9.18.24
  Security Fixes:
  * Validating DNS messages containing a lot of DNSSEC signatures
    could cause excessive CPU load, leading to a denial-of-service
    condition. This has been fixed. (CVE-2023-50387)
    [bsc#1219823]
  * Preparing an NSEC3 closest encloser proof could cause excessiv
    CPU load, leading to a denial-of-service condition. This has
    been fixed. (CVE-2023-50868)
    [bsc#1219826]
  * Parsing DNS messages with many different names could cause
    excessive CPU load. This has been fixed. (CVE-2023-4408)
    [bsc#1219851]
  * Specific queries could cause named to crash with an assertion
    failure when nxdomain-redirect was enabled. This has been
    fixed. (CVE-2023-5517)
    [bsc#1219852]
  * A bad interaction between DNS64 and serve-stale could cause
    named to crash with an assertion failure, when both of these
    features were enabled. This has been fixed. (CVE-2023-5679)
    [bsc#1219853]
  * Query patterns that continuously triggered cache database
    maintenance could cause an excessive amount of memory to be
    allocated, exceeding max-cache-size and potentially leading to
    all available memory on the host running named being exhausted
    This has been fixed. (CVE-2023-6516)
    [bsc#1219854]
  * Under certain circumstances, the DNS-over-TLS client code
    incorrectly attempted to process more than one DNS message at a
    time, which could cause named to crash with an assertion
    failure. This has been fixed.
  Bug Fixes:
  * The counters exported via the statistics channel were changed
    back to 64-bit signed values; they were being inadvertently
    truncated to unsigned 32-bit values since BIND 9.15.0.

OBS-URL: https://build.opensuse.org/request/show/1146454
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=205

bind-9.18.21.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5
-size 5507132

bind-9.18.21.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmV3BGsACgkQUQpkKgbF
-LOwu9w/+JciqKqT0JieUDwPzEhhulBCWEhbZFrHK6dFM5UkPHkaV79QkZAQEhnq1
-FXVEF99ZuTbz5s79wNAZ9I4AiU0al5RK1P5MwMBbjsQrfnkhmKnPIU1jx3FSVrCP
-tC9l1xEjkLNi2vf28ZQ9KED2hUdqsgTZqDvgewEnrq1NtZ0K7ozz9nHQLfooDSJT
-L5U9HDp3vf5BJWONjnKAPjJJdeRf7HPqokJVSjQcVxrT06VsMNUFFmyCbEJ0UTJm
-mqDrRuEXhkAKf40DwMr0qGqiq5Q4m960yADEK1Aju/9cEf6Ag4FYyy70iyICe7Tj
-T8qjVzzwboUJao3m/152+6qvzGXJKdUUZqCnNcCc2wmirmg/ES4DLLFyYYXBflj7
-hWCOLXeghF/785te4fmiH3gqcEZBEVcc0wl1HCL5m3q9kGutGgLJVOZgM5D6zf2T
-0Sa60qIr5r+cKCS9OYowTH1+NqEsW4XhCVIe/RYEuXa3FFczIUbdGlUQ5t9ILBxi
-zbZ04Tj0tecqUVkhoEYZfQzhHEa43LzxATdQ4Zc01USaxhbSFSoyG1+WP1tPD+PL
-wqZA9tEuvKtngr/UP+BeLG0lWv5zbtShzM1V1cEg7JuoiI2onWstaN7NYXShiUMZ
-oVYXIBbmNbXVmm2TYzt4mw9TotGWHkSNjPZGvvAYw/0mtcw6NXs=
-=bzR1
------END PGP SIGNATURE-----

bind-9.18.24.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmXI5VgACgkQUQpkKgbF
+LOwcMA/+Ow94NYy2xIcuN2bqLtZLnfM8tWU3NL/mUJed/iYp//Q0CI3Q6pnLmPVY
+1j5trMDmNGcDHFg1RN4GKtsZmRm4icjANyuqYA7Bcqb2Qr7cezbkbpGrY6AI7ex/
+wGtt5+OL+1aZgAQWZV35XVmyW7c+HJ1zQc28Ctfh7pRwOU+sit7OGvTSZZVPaY/Q
+CzyOQnLE2lqpTZzcUT7m/ohHW7mYkf4GN+xRXuvD/TyAE+h3XetYdK03C8+lRY/y
+r6KbucVG2hm/6L5u00s2mPMH68vTidQiT1YPMMHcWSAXZ51OcVJdLCg5CVCnXDIJ
+O8PoUIs7cxvUstfdRGie7vyCwqsk9fwgH/9M+81OreizdxX7G/orKyzIfiBRxcMw
+UHpuc0bMfZ3CWigo79q1FdXaSpC+RA+noBqoDJS6/eMl9M0mFOUwuNIsDbTqHoRK
+tGJu9xFz4vjgisXIuXCyNEJfvzESRl/w7fAs90sumMiVrjxWw7JXAUsZfaMNQhI5
+LQedp+SGtrXQLUqLJe/nHeAKSuXKvf6ftgs5/nVBmLS/KPRfnciysDd7Vuu5+lFB
+FrEQ4b6m80H7W0kwRdqPEiFcGGS3Zsiyi1SAERMudsoR/JiDGVMuSRuulRwJVQw4
+rpylvX+yCy7VRXQIIo4K65TAWtHLnld3Lp1fnrmHbzL9ZrE2exE=
+=CnZp
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Tue Feb 13 15:15:21 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 9.18.24
+  Security Fixes:
+  * Validating DNS messages containing a lot of DNSSEC signatures
+    could cause excessive CPU load, leading to a denial-of-service
+    condition. This has been fixed. (CVE-2023-50387)
+    [bsc#1219823]
+  * Preparing an NSEC3 closest encloser proof could cause excessiv
+    CPU load, leading to a denial-of-service condition. This has
+    been fixed. (CVE-2023-50868)
+    [bsc#1219826]
+  * Parsing DNS messages with many different names could cause
+    excessive CPU load. This has been fixed. (CVE-2023-4408)
+    [bsc#1219851]
+  * Specific queries could cause named to crash with an assertion
+    failure when nxdomain-redirect was enabled. This has been
+    fixed. (CVE-2023-5517)
+    [bsc#1219852]
+  * A bad interaction between DNS64 and serve-stale could cause
+    named to crash with an assertion failure, when both of these
+    features were enabled. This has been fixed. (CVE-2023-5679)
+    [bsc#1219853]
+  * Query patterns that continuously triggered cache database
+    maintenance could cause an excessive amount of memory to be
+    allocated, exceeding max-cache-size and potentially leading to
+    all available memory on the host running named being exhausted
+    This has been fixed. (CVE-2023-6516)
+    [bsc#1219854]
+  * Under certain circumstances, the DNS-over-TLS client code
+    incorrectly attempted to process more than one DNS message at a
+    time, which could cause named to crash with an assertion
+    failure. This has been fixed.
+
+  Bug Fixes:
+  * The counters exported via the statistics channel were changed
+    back to 64-bit signed values; they were being inadvertently
+    truncated to unsigned 32-bit values since BIND 9.15.0.
+
 -------------------------------------------------------------------
 Thu Jan  4 11:22:09 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 

bind.spec

@@ -56,7 +56,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.18.21
+Version:        9.18.24
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0