CVE-2023-2828

Name: CVE-2023-2828
Description: Every `named` instance configured to run as a recursive resolver maint ...
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3498-1, DSA-5439-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| bind9 (PTS) | bullseye | 1:9.16.50-1~deb11u2 | fixed |
| | bullseye (security) | 1:9.16.50-1~deb11u5 | fixed |
| | bookworm | 1:9.18.41-1~deb12u1 | fixed |
| | bookworm (security) | 1:9.18.47-1~deb12u1 | fixed |
| | trixie | 1:9.20.18-1~deb13u1 | fixed |
| | trixie (security) | 1:9.20.21-1~deb13u1 | fixed |
| | forky, sid | 1:9.20.22-1 | fixed |

The information below is based on the following data on fixed versions.

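| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| bind9 | source | buster | 1:9.11.5.P4+dfsg-5.1+deb10u9 | | DLA-3498-1 | |
| bind9 | source | bullseye | 1:9.16.42-1~deb11u1 | | DSA-5439-1 | |
| bind9 | source | bookworm | 1:9.18.16-1~deb12u1 | | DSA-5439-1 | |
| bind9 | source | (unstable) | 1:9.18.16-1 | | | |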

Notes

https://kb.isc.org/docs/cve-2023-2828
https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch
