{"id":"MGASA-2024-0038","summary":"Updated bind packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\nParsing large DNS messages may cause excessive CPU load. (CVE-2023-4408)\nQuerying RFC 1918 reverse zones may cause an assertion failure when\n\"nxdomain-redirect\" is enabled. (CVE-2023-5517)\nEnabling both DNS64 and serve-stale may cause an assertion failure\nduring recursive resolution. (CVE-2023-5679)\nKeyTrap - Extreme CPU consumption in DNSSEC validator. (CVE-2023-50387)\nPreparing an NSEC3 closest encloser proof can exhaust CPU resources.\n(CVE-2023-50868)\n","modified":"2026-04-16T04:44:42.489601553Z","published":"2024-02-15T18:36:07Z","upstream":["CVE-2023-4408","CVE-2023-50387","CVE-2023-50868","CVE-2023-5517","CVE-2023-5679"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0038.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32846"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2023-4408"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2023-5517"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2023-5679"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2023-50387"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2023-50868"},{"type":"WEB","url":"https://downloads.isc.org/isc/bind9/9.18.24/doc/arm/html/notes.html#notes-for-bind-9-18-24"}],"affected":[{"package":{"name":"bind","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/bind?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.18.15-2.3.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0038.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}