ELA-1094-1 bind9 security update

Denial of service vulnerabilities

2024-05-17
Package: bind9
Version: 9.9.5.dfsg-9+deb8u31 (jessie), 1:9.10.3.dfsg.P4-12.3+deb9u16 (stretch)
Related CVEs: CVE-2023-50387, CVE-2023-50868


Two vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause
a denial of service via DNSSEC queries. This is known as the "KeyTrap"
issue.

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol allows remote
attackers to cause a denial of service via DNSSEC queries in a random
subdomain attack. This is known as the "NSEC3" issue.


For Debian 8 jessie, these problems have been fixed in version 9.9.5.dfsg-9+deb8u31.

For Debian 9 stretch, these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u16.

We recommend that you upgrade your bind9 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.