Prevent increased CPU load on large DNS messages
6315. [security] Speed up parsing of DNS messages with many different names. (CVE-2023-4408) [GL #4234] 6321. [security] Change 6315 inadvertently introduced regressions that could cause named to crash. [GL #4234] 6343. [bug] Fix case insensitive setting for isc_ht hashtable. Resolves: RHEL-25342 ; Resolves: CVE-2023-4408
This commit is contained in:
parent
2b46612566
commit
deeca182e3
1735
bind-9.16-CVE-2023-4408.patch
Normal file
1735
bind-9.16-CVE-2023-4408.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
|||||||
Name: bind
|
Name: bind
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
Version: 9.16.23
|
Version: 9.16.23
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
Epoch: 32
|
Epoch: 32
|
||||||
Url: https://www.isc.org/downloads/bind/
|
Url: https://www.isc.org/downloads/bind/
|
||||||
#
|
#
|
||||||
@ -135,6 +135,7 @@ Patch191: bind-9.16-CVE-2023-2911-3.patch
|
|||||||
Patch192: bind-9.16-CVE-2023-3341.patch
|
Patch192: bind-9.16-CVE-2023-3341.patch
|
||||||
# https://gitlab.isc.org/isc-projects/bind9/commit/8924adca613ca9daea63786563cce6fdbd742c56
|
# https://gitlab.isc.org/isc-projects/bind9/commit/8924adca613ca9daea63786563cce6fdbd742c56
|
||||||
Patch193: bind-9.16-update-b.root-servers.net.patch
|
Patch193: bind-9.16-update-b.root-servers.net.patch
|
||||||
|
Patch194: bind-9.16-CVE-2023-4408.patch
|
||||||
|
|
||||||
%{?systemd_ordering}
|
%{?systemd_ordering}
|
||||||
Requires: coreutils
|
Requires: coreutils
|
||||||
@ -456,6 +457,7 @@ in HTML and PDF format.
|
|||||||
%patch191 -p1 -b .CVE-2023-2911-3
|
%patch191 -p1 -b .CVE-2023-2911-3
|
||||||
%patch192 -p1 -b .CVE-2023-3341
|
%patch192 -p1 -b .CVE-2023-3341
|
||||||
%patch193 -p1 -b .b.root-servers.net
|
%patch193 -p1 -b .b.root-servers.net
|
||||||
|
%patch194 -p1 -b .CVE-2023-4408
|
||||||
|
|
||||||
%if %{with PKCS11}
|
%if %{with PKCS11}
|
||||||
%patch135 -p1 -b .config-pkcs11
|
%patch135 -p1 -b .config-pkcs11
|
||||||
@ -1179,6 +1181,9 @@ fi;
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-16
|
||||||
|
- Prevent increased CPU load on large DNS messages (CVE-2023-4408)
|
||||||
|
|
||||||
* Thu Dec 07 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-15
|
* Thu Dec 07 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-15
|
||||||
- Update addresses of b.root-servers.net (RHEL-18188)
|
- Update addresses of b.root-servers.net (RHEL-18188)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user