Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change

Enforce updated rebuild is accepted only, conflict with older builds

; Related: CVE-2023-50387 CVE-2023-50868
Related: RHEL-25681 RHEL-25649

bind.spec

@@ -68,7 +68,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.36
-Release:  14%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@@ -212,6 +212,9 @@ Obsoletes:      caching-nameserver < 31:9.4.1-7.fc8
 Provides:       caching-nameserver = 31:9.4.1-7.fc8
 Obsoletes:      dnssec-conf < 1.27-2
 Provides:       dnssec-conf = 1.27-2
+# Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change
+# Enforce updated rebuild is accepted only
+Conflicts:      bind-dyndb-ldap < 11.6-5
 BuildRequires:  gcc, make
 BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires:  libidn2-devel, libxml2-devel
@@ -1653,6 +1656,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Fri Apr 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-15
+- Ensure incompatible bind-dyndb-ldap is not accepted
+
 * Mon Feb 26 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-14
 - Speed up parsing of DNS messages with many different names (CVE-2023-4408)
 - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868)