Amazon Linux 2023 Security Advisory: ALAS-2023-010
Advisory Release Date: 2023-02-17 20:42 Pacific
Advisory Updated Date: 2023-02-23 00:00 Pacific
A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote attacker to manipulate cache results with incorrect records, leading to queries made to the wrong servers, possibly resulting in false information received on the client's end. (CVE-2021-25220)
A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP streams with keep-response-order enabled that could cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period, even after the client has terminated the connection. This issue results in BIND consuming resources, leading to a denial of service. (CVE-2022-0396)
Affected Packages:
bind
Issue Correction:
Run dnf update bind --releasever=2023.0.20230222 to update your system.
aarch64:
bind-pkcs11-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-filesystem-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-dnssec-utils-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-utils-9.16.27-1.amzn2023.0.2.aarch64
bind-libs-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-dnssec-utils-9.16.27-1.amzn2023.0.2.aarch64
bind-pkcs11-utils-9.16.27-1.amzn2023.0.2.aarch64
bind-pkcs11-devel-9.16.27-1.amzn2023.0.2.aarch64
bind-pkcs11-utils-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-chroot-9.16.27-1.amzn2023.0.2.aarch64
bind-pkcs11-9.16.27-1.amzn2023.0.2.aarch64
bind-pkcs11-libs-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-sqlite3-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-filesystem-9.16.27-1.amzn2023.0.2.aarch64
bind-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-debugsource-9.16.27-1.amzn2023.0.2.aarch64
bind-devel-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-mysql-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-ldap-9.16.27-1.amzn2023.0.2.aarch64
bind-pkcs11-libs-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-utils-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-mysql-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-ldap-debuginfo-9.16.27-1.amzn2023.0.2.aarch64
bind-libs-9.16.27-1.amzn2023.0.2.aarch64
bind-dlz-sqlite3-9.16.27-1.amzn2023.0.2.aarch64
noarch:
bind-license-9.16.27-1.amzn2023.0.2.noarch
bind-doc-9.16.27-1.amzn2023.0.2.noarch
python3-bind-9.16.27-1.amzn2023.0.2.noarch
bind-dnssec-doc-9.16.27-1.amzn2023.0.2.noarch
src:
bind-9.16.27-1.amzn2023.0.2.src
x86_64:
bind-libs-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-utils-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-libs-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-filesystem-9.16.27-1.amzn2023.0.2.x86_64
bind-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-dnssec-utils-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-libs-9.16.27-1.amzn2023.0.2.x86_64
bind-chroot-9.16.27-1.amzn2023.0.2.x86_64
bind-debugsource-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-devel-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-mysql-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-sqlite3-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-libs-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-utils-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-dnssec-utils-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-sqlite3-9.16.27-1.amzn2023.0.2.x86_64
bind-devel-9.16.27-1.amzn2023.0.2.x86_64
bind-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-filesystem-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-utils-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-ldap-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-mysql-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-pkcs11-9.16.27-1.amzn2023.0.2.x86_64
bind-dlz-ldap-debuginfo-9.16.27-1.amzn2023.0.2.x86_64
bind-utils-9.16.27-1.amzn2023.0.2.x86_64