July 2024 security fixes
Legend
| Icon | Meaning |
|---|---|
| Outstanding task | |
| Needs finishing | |
| Complete | |
| Waiting for other tasks to be completed | |
| Does not apply | |
| See note |
Status
CVE-2024-0760 Flood of DNS messages over a single TCP connections makes server unusable
| Branch | Fix (merge request) | Fix (patch) | Reproducer |
|---|---|---|---|
| v9.19 |
|
|
|
| v9.18 |
|
||
| v9.18-S |
CVE-2024-1737 slow database if a node has 32k RRs of the same type on it
| Branch | Fix (merge request) | Fix (patch) | Reproducer |
|---|---|---|---|
| v9.19 |
|
:notepad_spiral: | |
| v9.18 |
|
:notepad_spiral: | |
| v9.18-S | |||
| v9.16 |
|
:notepad_spiral: | |
| v9.16-S | (1) - unrelated ECS fix , (2) CVE fix | ||
| v9.11 (EoL) |
|
(1) - unrelated rbtdb fix , (2) - CVE fix | :notepad_spiral: |
| v9.11-S (EoL) | (1) - unrelated rbtdb fix , (2) - CVE fix |
CVE-2024-1975 SIG(0) can be used to exhaust CPU resources
- Related #4548, #3403
| Branch | Fix (merge request) | Fix (patch) | Reproducer |
|---|---|---|---|
| v9.19 |
|
||
| v9.18 |
|
||
| v9.18-S | |||
| v9.16 |
|
||
| v9.16-S | |||
| v9.11 (EoL) |
|
|
|
| v9.11-S (EoL) |
CVE-2024-4076 serve-stale zversion crash
| Branch | Fix (merge request) | Fix (patch) | Reproducer |
|---|---|---|---|
| v9.19 |
|
||
| v9.18 |
|
||
| v9.18-S | |||
| v9.16 |
|
||
| v9.16-S | |||
| v9.11 (EoL) | |||
| v9.11-S (EoL) |
|
Other security fixes
#4473 (closed) Intermittent BIND Process Termination on FreeBSD System with Integrated DoH service
| Branch | Fix (merge request) | Fix (patch) | Reproducer |
|---|---|---|---|
| v9.19 |
|
||
| v9.18 |
|
#4661 (closed) serve-stale crash when looking up NS records for a DS lookup
| Branch | Fix (merge request) | Fix (patch) | Reproducer |
|---|---|---|---|
| v9.18 |
|
||
| v9.18-S | |||
| v9.16 |
|
||
| v9.16-S | |||
| v9.11 (EoL) |
Edited by Michał Kępień