Resolve CVE-2024-4076
6403. [security] qctx-zversion was not being cleared when it should have been leading to an assertion failure if it needed to be reused. (CVE-2024-4076) [GL #4507] Resolves: RHEL-49940
This commit is contained in:
Petr Menšík
parent
809898a212
commit
6a3f81b6a8
29
bind-9.18-CVE-2024-4076.patch
Normal file
29
bind-9.18-CVE-2024-4076.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 274463c5b71db87a615694889da23837ba48db9a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Tue, 16 Jul 2024 19:49:26 +0200
|
||||
Subject: [PATCH] Resolve CVE-2024-4076
|
||||
|
||||
6403. [security] qctx-zversion was not being cleared when it should have
|
||||
been leading to an assertion failure if it needed to be
|
||||
reused. (CVE-2024-4076) [GL #4507]
|
||||
|
||||
Resolves: CVE-2024-4076
|
||||
---
|
||||
lib/ns/query.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/ns/query.c b/lib/ns/query.c
|
||||
index 537d332..be4cbb6 100644
|
||||
--- a/lib/ns/query.c
|
||||
+++ b/lib/ns/query.c
|
||||
@@ -5325,6 +5325,7 @@ qctx_freedata(query_ctx_t *qctx) {
|
||||
ns_client_releasename(qctx->client, &qctx->zfname);
|
||||
dns_db_detachnode(qctx->zdb, &qctx->znode);
|
||||
dns_db_detach(&qctx->zdb);
|
||||
+ qctx->zversion = NULL;
|
||||
}
|
||||
|
||||
if (qctx->event != NULL && !qctx->client->nodetach) {
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -161,6 +161,8 @@ Patch205: bind-9.16-isc_hp-additional.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/8ef414a7f38a04cfc11df44adaedaf3126fa3878
|
||||
Patch206: bind-9.16-CVE-2024-1975.patch
|
||||
Patch207: bind-9.16-CVE-2024-1737.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/a61be8eef0ee0ca8fd8036ccb61c6f9b728158ce
|
||||
Patch208: bind-9.18-CVE-2024-4076.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
@ -500,6 +502,7 @@ in HTML and PDF format.
|
||||
%patch205 -p1 -b .RHEL-39131
|
||||
%patch206 -p1 -b .CVE-2024-1975
|
||||
%patch207 -p1 -b .CVE-2024-1737
|
||||
%patch208 -p1 -b .CVE-2024-4076
|
||||
|
||||
%if %{with PKCS11}
|
||||
%patch135 -p1 -b .config-pkcs11
|
||||
@ -1231,6 +1234,7 @@ fi;
|
||||
* Thu Jul 18 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-22
|
||||
- Resolve CVE-2024-1975
|
||||
- Resolve CVE-2024-1737
|
||||
- Resolve CVE-2024-4076
|
||||
|
||||
* Tue Jul 09 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-21
|
||||
- Increase size of hazard pointer array (RHEL-39131)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user