July 23, 2024
Improvements
-
- BIND has been upgraded to v9.16.50 (along with patches from ISC) on the Micetro appliances to address the following security vulnerabilities:
-
- CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable
- CVE-2024-1737: BIND’s database will be slow if a very large number of RRs exist at the same name
- CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
- CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content
Please note that when updating the Micetro appliances it is necessary to restart them for the change to take full effect, this usually takes about 20-30 seconds.
MDDS appliances have also been updated to include a BIND version that contains those security fixes, this will result in a restart of the BIND service which will only take few seconds