The processing of responses coming from DNSSEC-signed zones using NSEC3 can cause CPU exhaustion on a DNSSEC-validating resolver.
Created bind tracking bugs for this issue: Affects: fedora-all [bug 2264068]
Quite surprising information for me. This seems to have been coordinated among multiple vendors. This is an issue not only in BIND9, but in any validating resolver, it seems! Found out just by coincidence at: https://fosstodon.org/@tychotithonus@infosec.exchange/111924626751024210
- unbound is affected as well: https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.1
- dnsmasq is affected too: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
Somehow I expect systemd-resolved to be affected too, when everyone else is.
Related to bug #2263914. ISC KB article: https://kb.isc.org/docs/cve-2023-50868
Created dnsmasq tracking bugs for this issue: Affects: fedora-all [bug 2264102]
Created unbound tracking bugs for this issue: Affects: fedora-all [bug 2264101]
Created dhcp tracking bugs for this issue: Affects: fedora-all [bug 2264364]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0965 https://access.redhat.com/errata/RHSA-2024:0965
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0977 https://access.redhat.com/errata/RHSA-2024:0977
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0981 https://access.redhat.com/errata/RHSA-2024:0981
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0982 https://access.redhat.com/errata/RHSA-2024:0982
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1334 https://access.redhat.com/errata/RHSA-2024:1334
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1335 https://access.redhat.com/errata/RHSA-2024:1335
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1522 https://access.redhat.com/errata/RHSA-2024:1522
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1543 https://access.redhat.com/errata/RHSA-2024:1543
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1544 https://access.redhat.com/errata/RHSA-2024:1544
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1545 https://access.redhat.com/errata/RHSA-2024:1545
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1647 https://access.redhat.com/errata/RHSA-2024:1647
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1648 https://access.redhat.com/errata/RHSA-2024:1648
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1781 https://access.redhat.com/errata/RHSA-2024:1781
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1782 https://access.redhat.com/errata/RHSA-2024:1782
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1789 https://access.redhat.com/errata/RHSA-2024:1789
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1801 https://access.redhat.com/errata/RHSA-2024:1801
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1800 https://access.redhat.com/errata/RHSA-2024:1800
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1804 https://access.redhat.com/errata/RHSA-2024:1804
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1803 https://access.redhat.com/errata/RHSA-2024:1803
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2551 https://access.redhat.com/errata/RHSA-2024:2551
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Via RHSA-2024:2587 https://access.redhat.com/errata/RHSA-2024:2587
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Via RHSA-2024:2696 https://access.redhat.com/errata/RHSA-2024:2696
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:2720 https://access.redhat.com/errata/RHSA-2024:2720
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:2721 https://access.redhat.com/errata/RHSA-2024:2721
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Via RHSA-2024:2821 https://access.redhat.com/errata/RHSA-2024:2821
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:2890 https://access.redhat.com/errata/RHSA-2024:2890
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3271 https://access.redhat.com/errata/RHSA-2024:3271