KeyTrap - Extreme CPU consumption in DNSSEC validator. Preparing an
NSEC3 closest encloser proof can exhaust CPU resources.
6322. [security] Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
Resolves: RHEL-25403 RHEL-25392
; Resolves: CVE-2023-50868 CVE-2023-50387
6319. [security] Query patterns that continuously triggered cache
database maintenance could exhaust all available memory
on the host running named. (CVE-2023-6516) [GL #4383]
Resolves: RHEL-25381
; Resolves: CVE-2023-6516
Enabling both DNS64 and serve-stale may cause an assertion failure
during recursive resolution.
6317. [security] Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
Resolves: RHEL-25370
; Resolves: CVE-2023-5679
RFC 1918 reverse zones
6316. [security] Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
Resolves: RHEL-25359
; Resolves: CVE-2023-5517
6315. [security] Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
6321. [security] Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
6343. [bug] Fix case insensitive setting for isc_ht hashtable.
Resolves: RHEL-25348
; Resolves: CVE-2023-4408
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
Resolves: rhbz#2216654
