[El-errata] ELSA-2024-1782 Important: Oracle Linux 8 bind and dhcp security update

Mon Apr 15 14:03:56 UTC 2024

Oracle Linux Security Advisory ELSA-2024-1782

http://linux.oracle.com/errata/ELSA-2024-1782.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bind-9.11.36-11.el8_9.1.x86_64.rpm
bind-chroot-9.11.36-11.el8_9.1.x86_64.rpm
bind-devel-9.11.36-11.el8_9.1.i686.rpm
bind-devel-9.11.36-11.el8_9.1.x86_64.rpm
bind-export-devel-9.11.36-11.el8_9.1.i686.rpm
bind-export-devel-9.11.36-11.el8_9.1.x86_64.rpm
bind-export-libs-9.11.36-11.el8_9.1.i686.rpm
bind-export-libs-9.11.36-11.el8_9.1.x86_64.rpm
bind-libs-9.11.36-11.el8_9.1.i686.rpm
bind-libs-9.11.36-11.el8_9.1.x86_64.rpm
bind-libs-lite-9.11.36-11.el8_9.1.i686.rpm
bind-libs-lite-9.11.36-11.el8_9.1.x86_64.rpm
bind-license-9.11.36-11.el8_9.1.noarch.rpm
bind-lite-devel-9.11.36-11.el8_9.1.i686.rpm
bind-lite-devel-9.11.36-11.el8_9.1.x86_64.rpm
bind-pkcs11-9.11.36-11.el8_9.1.x86_64.rpm
bind-pkcs11-devel-9.11.36-11.el8_9.1.i686.rpm
bind-pkcs11-devel-9.11.36-11.el8_9.1.x86_64.rpm
bind-pkcs11-libs-9.11.36-11.el8_9.1.i686.rpm
bind-pkcs11-libs-9.11.36-11.el8_9.1.x86_64.rpm
bind-pkcs11-utils-9.11.36-11.el8_9.1.x86_64.rpm
bind-sdb-9.11.36-11.el8_9.1.x86_64.rpm
bind-sdb-chroot-9.11.36-11.el8_9.1.x86_64.rpm
bind-utils-9.11.36-11.el8_9.1.x86_64.rpm
dhcp-client-4.3.6-49.el8_9.1.x86_64.rpm
dhcp-common-4.3.6-49.el8_9.1.noarch.rpm
dhcp-libs-4.3.6-49.el8_9.1.i686.rpm
dhcp-libs-4.3.6-49.el8_9.1.x86_64.rpm
dhcp-relay-4.3.6-49.el8_9.1.x86_64.rpm
dhcp-server-4.3.6-49.el8_9.1.x86_64.rpm
python3-bind-9.11.36-11.el8_9.1.noarch.rpm

aarch64:
bind-9.11.36-11.el8_9.1.aarch64.rpm
bind-chroot-9.11.36-11.el8_9.1.aarch64.rpm
bind-devel-9.11.36-11.el8_9.1.aarch64.rpm
bind-export-devel-9.11.36-11.el8_9.1.aarch64.rpm
bind-export-libs-9.11.36-11.el8_9.1.aarch64.rpm
bind-libs-9.11.36-11.el8_9.1.aarch64.rpm
bind-libs-lite-9.11.36-11.el8_9.1.aarch64.rpm
bind-license-9.11.36-11.el8_9.1.noarch.rpm
bind-lite-devel-9.11.36-11.el8_9.1.aarch64.rpm
bind-pkcs11-9.11.36-11.el8_9.1.aarch64.rpm
bind-pkcs11-devel-9.11.36-11.el8_9.1.aarch64.rpm
bind-pkcs11-libs-9.11.36-11.el8_9.1.aarch64.rpm
bind-pkcs11-utils-9.11.36-11.el8_9.1.aarch64.rpm
bind-sdb-9.11.36-11.el8_9.1.aarch64.rpm
bind-sdb-chroot-9.11.36-11.el8_9.1.aarch64.rpm
bind-utils-9.11.36-11.el8_9.1.aarch64.rpm
dhcp-client-4.3.6-49.el8_9.1.aarch64.rpm
dhcp-common-4.3.6-49.el8_9.1.noarch.rpm
dhcp-libs-4.3.6-49.el8_9.1.aarch64.rpm
dhcp-relay-4.3.6-49.el8_9.1.aarch64.rpm
dhcp-server-4.3.6-49.el8_9.1.aarch64.rpm
python3-bind-9.11.36-11.el8_9.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//bind-9.11.36-11.el8_9.1.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//dhcp-4.3.6-49.el8_9.1.src.rpm

Related CVEs:

CVE-2023-4408
CVE-2023-50387
CVE-2023-50868

Description of changes:

bind
[32:9.11.36-11.1]
- Speed up parsing of DNS messages with many different names (CVE-2023-4408)
- Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868)
- Do not use header_prev in expire_lru_headers

dhcp
[4.3.6]
- Change bug tracker path

[12:4.3.6-49.1]
- Rebuild because of bind ABI changes related to CVE-2023-50387