Amazon Linux 2 Security Advisory: ALAS-2025-2751
Advisory Release Date: 2025-01-30 22:56 Pacific
Advisory Updated Date: 2025-02-04 11:02 Pacific
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1. (CVE-2024-11187)
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.
This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. (CVE-2024-12705)
Affected Packages:
bind
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update bind to update your system.
aarch64:
bind-9.11.4-26.P2.amzn2.13.11.aarch64
bind-pkcs11-9.11.4-26.P2.amzn2.13.11.aarch64
bind-pkcs11-utils-9.11.4-26.P2.amzn2.13.11.aarch64
bind-pkcs11-libs-9.11.4-26.P2.amzn2.13.11.aarch64
bind-pkcs11-devel-9.11.4-26.P2.amzn2.13.11.aarch64
bind-sdb-9.11.4-26.P2.amzn2.13.11.aarch64
bind-libs-lite-9.11.4-26.P2.amzn2.13.11.aarch64
bind-libs-9.11.4-26.P2.amzn2.13.11.aarch64
bind-utils-9.11.4-26.P2.amzn2.13.11.aarch64
bind-devel-9.11.4-26.P2.amzn2.13.11.aarch64
bind-lite-devel-9.11.4-26.P2.amzn2.13.11.aarch64
bind-chroot-9.11.4-26.P2.amzn2.13.11.aarch64
bind-sdb-chroot-9.11.4-26.P2.amzn2.13.11.aarch64
bind-export-libs-9.11.4-26.P2.amzn2.13.11.aarch64
bind-export-devel-9.11.4-26.P2.amzn2.13.11.aarch64
bind-debuginfo-9.11.4-26.P2.amzn2.13.11.aarch64
i686:
bind-9.11.4-26.P2.amzn2.13.11.i686
bind-pkcs11-9.11.4-26.P2.amzn2.13.11.i686
bind-pkcs11-utils-9.11.4-26.P2.amzn2.13.11.i686
bind-pkcs11-libs-9.11.4-26.P2.amzn2.13.11.i686
bind-pkcs11-devel-9.11.4-26.P2.amzn2.13.11.i686
bind-sdb-9.11.4-26.P2.amzn2.13.11.i686
bind-libs-lite-9.11.4-26.P2.amzn2.13.11.i686
bind-libs-9.11.4-26.P2.amzn2.13.11.i686
bind-utils-9.11.4-26.P2.amzn2.13.11.i686
bind-devel-9.11.4-26.P2.amzn2.13.11.i686
bind-lite-devel-9.11.4-26.P2.amzn2.13.11.i686
bind-chroot-9.11.4-26.P2.amzn2.13.11.i686
bind-sdb-chroot-9.11.4-26.P2.amzn2.13.11.i686
bind-export-libs-9.11.4-26.P2.amzn2.13.11.i686
bind-export-devel-9.11.4-26.P2.amzn2.13.11.i686
bind-debuginfo-9.11.4-26.P2.amzn2.13.11.i686
noarch:
bind-license-9.11.4-26.P2.amzn2.13.11.noarch
src:
bind-9.11.4-26.P2.amzn2.13.11.src
x86_64:
bind-9.11.4-26.P2.amzn2.13.11.x86_64
bind-pkcs11-9.11.4-26.P2.amzn2.13.11.x86_64
bind-pkcs11-utils-9.11.4-26.P2.amzn2.13.11.x86_64
bind-pkcs11-libs-9.11.4-26.P2.amzn2.13.11.x86_64
bind-pkcs11-devel-9.11.4-26.P2.amzn2.13.11.x86_64
bind-sdb-9.11.4-26.P2.amzn2.13.11.x86_64
bind-libs-lite-9.11.4-26.P2.amzn2.13.11.x86_64
bind-libs-9.11.4-26.P2.amzn2.13.11.x86_64
bind-utils-9.11.4-26.P2.amzn2.13.11.x86_64
bind-devel-9.11.4-26.P2.amzn2.13.11.x86_64
bind-lite-devel-9.11.4-26.P2.amzn2.13.11.x86_64
bind-chroot-9.11.4-26.P2.amzn2.13.11.x86_64
bind-sdb-chroot-9.11.4-26.P2.amzn2.13.11.x86_64
bind-export-libs-9.11.4-26.P2.amzn2.13.11.x86_64
bind-export-devel-9.11.4-26.P2.amzn2.13.11.x86_64
bind-debuginfo-9.11.4-26.P2.amzn2.13.11.x86_64