From ccd61ef0da250a61e7a5cdd0ed6fa6dc3ff92ff6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 12 Apr 2024 18:01:35 +0200 Subject: [PATCH] Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change Enforce updated rebuild is accepted only, conflict with older builds ; Related: CVE-2023-50387 CVE-2023-50868 Related: RHEL-25681 RHEL-25649 --- bind.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bind.spec b/bind.spec index 34b69d7..e2ef7c7 100644 --- a/bind.spec +++ b/bind.spec @@ -68,7 +68,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.36 -Release: 14%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -212,6 +212,9 @@ Obsoletes: caching-nameserver < 31:9.4.1-7.fc8 Provides: caching-nameserver = 31:9.4.1-7.fc8 Obsoletes: dnssec-conf < 1.27-2 Provides: dnssec-conf = 1.27-2 +# Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change +# Enforce updated rebuild is accepted only +Conflicts: bind-dyndb-ldap < 11.6-5 BuildRequires: gcc, make BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel BuildRequires: libidn2-devel, libxml2-devel @@ -1653,6 +1656,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Fri Apr 12 2024 Petr Menšík - 32:9.11.36-15 +- Ensure incompatible bind-dyndb-ldap is not accepted + * Mon Feb 26 2024 Petr Menšík - 32:9.11.36-14 - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868)