Address various spoofing attacks (CVE-2025-40778)

https://kb.isc.org/docs/cve-2025-40778 Upstream 9.11 patch Resolves: RHEL-123312
2025-10-30 19:27:56 +01:00 · 2025-10-30 19:27:56 +01:00 · f5bb40bd48
commit f5bb40bd48
parent 15b79e9259
2 changed files with 1090 additions and 1 deletions
--- a/bind-9.11-CVE-2025-40778.patch
+++ b/bind-9.11-CVE-2025-40778.patch
--- a/bind.spec
+++ b/bind.spec
@ -68,7 +68,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.36
-Release:  16%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.5
+Release:  16%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.6
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -204,6 +204,7 @@ Patch210: bind-9.18-CVE-2024-11187.patch
 Patch211: bind-9.11-d-max-records-per-type.patch
 Patch212: bind-9.11-d-max-types-per-name.patch
 Patch213: bind-9.11-d-max-records-checkconf.patch
+Patch214: bind-9.11-CVE-2025-40778.patch

 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@ -632,6 +633,7 @@ are used for building ISC DHCP.
 %patch -P 211 -p1 -b .records-per-type
 %patch -P 212 -p1 -b .types-per-name
 %patch -P 213 -p1 -b .records-checkconf
+%patch -P 214 -p1 -b .CVE-2025-40778

 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1684,6 +1686,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif

 %changelog
+* Thu Oct 30 2025 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.6
+- Address various spoofing attacks (CVE-2025-40778)
+
 * Thu Jul 10 2025 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.5
 - Add support for max-records-per-type and max-types-per-name options
  (RHEL-61936)