OSG-SEC-2022-10-04 MEDIUM DNS BIND memory leaks
Dear OSG Security Contacts,
The DNSSEC verification code for the ECDSA algorithm leaks memory when there is a signature length mismatch, and can crash the DNS server daemon. Additional details are covered in CVE-2022-38177. 
BIND 9.8.4 -> 9.16.32
WHAT ARE THE VULNERABILITIES:
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where 'named' crashes for lack of resources, resulting in a denial of service attack for DNS lookups made against the crashed server.  The risk is negligible for systems not using BIND to run a DNS server. If, however, you are using 'named' to run a DNS server then the impact could be a significant but temporary interruption of any services relying on DNS lookups.
WHAT YOU SHOULD DO:
Update affected systems as patches become available and make sure relevant daemons are restarted.
Sites running RHEL should see 
Sites running CentOS should also see 
Sites running Ubuntu should see 
Sites running Scientific Linux should see 
Sites running Debian should see 
Sites running RockyLinux should see 
Sites running Almalinux should see 
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team