Resolve CVE-2024-4076

6403.	[security]	qctx-zversion was not being cleared when it should have
			been, leading to an assertion failure if it needed to be
			reused. (CVE-2024-4076) [GL #4507]

Resolves: RHEL-50874
Petr Menšík 2024-07-18 17:33:01 +02:00
parent 1f78a2c237
commit 195bb063de
2 changed files with 33 additions and 0 deletions


@ -0,0 +1,29 @@
From 274463c5b71db87a615694889da23837ba48db9a Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 16 Jul 2024 19:49:26 +0200
Subject: [PATCH] Resolve CVE-2024-4076
6403. [security] qctx-zversion was not being cleared when it should have
been leading to an assertion failure if it needed to be
reused. (CVE-2024-4076) [GL #4507]
Resolves: CVE-2024-4076
---
lib/ns/query.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 537d332..be4cbb6 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -5325,6 +5325,7 @@ qctx_freedata(query_ctx_t *qctx) {
ns_client_releasename(qctx->client, &qctx->zfname);
dns_db_detachnode(qctx->zdb, &qctx->znode);
dns_db_detach(&qctx->zdb);
+ qctx->zversion = NULL;
}
if (qctx->event != NULL && !qctx->client->nodetach) {
--
2.45.2
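Review bot: The added `qctx->zversion = NULL;` in qctx_freedata() arrives without a regression test; the diffstat shows a single insertion in lib/ns/query.c and nothing else. The changelog text says the assertion fires when the pointer "needed to be reused", so a test that drives a query through the free-then-reuse path would keep this from regressing. The two calls above it go through dns_db_detachnode() and dns_db_detach(), while zversion is only set to NULL; a one-line comment saying why no release call is needed at this point would help the next reader.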


@ -154,6 +154,8 @@ Patch205: bind-9.16-CVE-2024-1975.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/fdabf4b9570a60688f9f7d1e88d885f7a3718bca # https://gitlab.isc.org/isc-projects/bind9/commit/fdabf4b9570a60688f9f7d1e88d885f7a3718bca
# https://gitlab.isc.org/isc-projects/bind9/commit/8ef414a7f38a04cfc11df44adaedaf3126fa3878 # https://gitlab.isc.org/isc-projects/bind9/commit/8ef414a7f38a04cfc11df44adaedaf3126fa3878
Patch206: bind-9.16-CVE-2024-1737.patch Patch206: bind-9.16-CVE-2024-1737.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/a61be8eef0ee0ca8fd8036ccb61c6f9b728158ce
Patch207: bind-9.18-CVE-2024-4076.patch
%{?systemd_ordering} %{?systemd_ordering}
Requires: coreutils Requires: coreutils
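Review bot: The new Patch207 line names the file bind-9.18-CVE-2024-4076.patch, while Patch205 and Patch206 beside it use the bind-9.16- prefix and the changelog shows this package at 9.16.23. If the prefix is meant to record that the fix was taken from the 9.18 branch, say so in the comment above Patch207; otherwise rename the file to bind-9.16-CVE-2024-4076.patch so the patch set stays consistent.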
@ -481,6 +483,7 @@ in HTML and PDF format.
%patch204 -p1 -b .CVE-2023-6516-test %patch204 -p1 -b .CVE-2023-6516-test
%patch205 -p1 -b .CVE-2024-1975 %patch205 -p1 -b .CVE-2024-1975
%patch206 -p1 -b .CVE-2024-1737 %patch206 -p1 -b .CVE-2024-1737
%patch207 -p1 -b .CVE-2024-4076
%if %{with PKCS11} %if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11 %patch135 -p1 -b .config-pkcs11
@ -1208,6 +1211,7 @@ fi;
* Thu Jul 18 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.20 * Thu Jul 18 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.20
- Resolve CVE-2024-1975 - Resolve CVE-2024-1975
- Resolve CVE-2024-1737 - Resolve CVE-2024-1737
- Resolve CVE-2024-4076
* Wed May 15 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.19 * Wed May 15 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.19
- Add few more explicit conflicts with bind subpackages (RHEL-2208) - Add few more explicit conflicts with bind subpackages (RHEL-2208)
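Review bot: The added changelog line "- Resolve CVE-2024-4076" carries no tracker reference, although the commit message says "Resolves: RHEL-50874" and the older entry below cites its ticket as (RHEL-2208). Consider appending (RHEL-50874) to the line. It also joins the existing 32:9.16.23-0.20 entry instead of opening a new release, so confirm that build has not been shipped yet.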