Prevent increased CPU load on large DNS messages

6315.	[security]	Speed up parsing of DNS messages with many different
			names. (CVE-2023-4408) [GL #4234]
6321.	[security]	Change 6315 inadvertently introduced regressions that
			could cause named to crash. [GL #4234]
6343.	[bug]		Fix case insensitive setting for isc_ht hashtable.

Resolves: RHEL-25342
; Resolves: CVE-2023-4408
This commit is contained in:
Petr Menšík 2024-02-12 20:08:53 +01:00
parent 2b46612566
commit deeca182e3
2 changed files with 1741 additions and 1 deletions

File diff suppressed because it is too large Load Diff

View File

@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.16.23 Version: 9.16.23
Release: 15%{?dist} Release: 16%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -135,6 +135,7 @@ Patch191: bind-9.16-CVE-2023-2911-3.patch
Patch192: bind-9.16-CVE-2023-3341.patch Patch192: bind-9.16-CVE-2023-3341.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8924adca613ca9daea63786563cce6fdbd742c56 # https://gitlab.isc.org/isc-projects/bind9/commit/8924adca613ca9daea63786563cce6fdbd742c56
Patch193: bind-9.16-update-b.root-servers.net.patch Patch193: bind-9.16-update-b.root-servers.net.patch
Patch194: bind-9.16-CVE-2023-4408.patch
%{?systemd_ordering} %{?systemd_ordering}
Requires: coreutils Requires: coreutils
@ -456,6 +457,7 @@ in HTML and PDF format.
%patch191 -p1 -b .CVE-2023-2911-3 %patch191 -p1 -b .CVE-2023-2911-3
%patch192 -p1 -b .CVE-2023-3341 %patch192 -p1 -b .CVE-2023-3341
%patch193 -p1 -b .b.root-servers.net %patch193 -p1 -b .b.root-servers.net
%patch194 -p1 -b .CVE-2023-4408
%if %{with PKCS11} %if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11 %patch135 -p1 -b .config-pkcs11
@ -1179,6 +1181,9 @@ fi;
%endif %endif
%changelog %changelog
* Mon Feb 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-16
- Prevent increased CPU load on large DNS messages (CVE-2023-4408)
* Thu Dec 07 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-15 * Thu Dec 07 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-15
- Update addresses of b.root-servers.net (RHEL-18188) - Update addresses of b.root-servers.net (RHEL-18188)