Fedora alert FEDORA-2025-3551f3ba1b (bind)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 41 Update: bind-9.18.33-1.fc41 | |
| Date: | Wed, 12 Feb 2025 01:37:56 +0000 | |
| Message-ID: | <20250212013756.E0B0820F5397@bastion01.iad2.fedoraproject.org> | |
| Archive-link: | Article | 
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3551f3ba1b 2025-02-12 01:35:52.622127+00:00 -------------------------------------------------------------------------------- Name : bind Product : Fedora 41 Version : 9.18.33 Release : 1.fc41 URL : https://www.isc.org/downloads/bind/ Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. -------------------------------------------------------------------------------- Update Information: Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes. (CVE-2024-12705) Limit additional section processing for large RDATA sets. (CVE-2024-11187) New Features: Add a new option to configure the maximum number of outgoing queries per client request. Bug Fixes: Fix nsupdate hang when processing a large update. Fix possible assertion failure when reloading server while processing update policy rules. [GL #5006] Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys. Fix improper handling of unknown directives in resolv.conf. Upstream Release Notes -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 2 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.33-1 - Update to 9.16.33 (rhbz#2342784) * Fri Jan 17 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.32-4 - Add sysusers named user creation (rhbz#2105415) * Thu Dec 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.32-1 - Update to 9.18.32 (#2331675) - Remove CHANGES file from package - Disable DLZ plugins, they are not shipped with bind anymore - Add new root key 38696 into package files too * Thu Dec 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.31-3 - Disable temporarily PDF generation on all platforms * Wed Dec 4 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.31-2 - Add nsupdate TLS support (FREEIPA-11706) - Include a test for nsupdate changes * Thu Nov 14 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.31-1 - Update to 9.18.31 (#2319214) * Thu Nov 14 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.30-3 - Bump obsoleted license version (rhbz#2308102) * Tue Oct 8 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.30-2 - Make OpenSSL engine support optional -------------------------------------------------------------------------------- References: [ 1 ] Bug #2319214 - bind-9.18.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=2319214 [ 2 ] Bug #2331675 - bind-9.18.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=2331675 [ 3 ] Bug #2342784 - bind-9.18.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2342784 [ 4 ] Bug #2342883 - CVE-2024-12705 bind: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342883 [ 5 ] Bug #2342891 - CVE-2024-11187 bind: Many records in the additional section cause CPU exhaustion [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342891 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3551f3ba1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
Attachment: None (type=text/plain)
-- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
 
           