Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Fedora 41: 2025-3551f3ba1b moderate: BIND DNS Fixes for Flooding

fedora
Calendar Grey February 12, 2025
Dist Fedora Esm H88
The latest update for BIND 9.16.33 in Fedora 41 resolves DNS flooding vulnerabilities and improves overall security, as stated in advisory FEDORA-2025-3551f3ba1b.
Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes

Summary

BIND (Berkeley Internet Name Domain) is an implementation of the DNS

(Domain Name System) protocols. BIND includes a DNS server (named),

which resolves host names to IP addresses; a resolver library

(routines for applications to use when interfacing with DNS); and

tools for verifying that the DNS server is operating properly.

Update Information:

Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes. (CVE-2024-12705) Limit additional section processing for large RDATA sets. (CVE-2024-11187) New Features: Add a new option to configure the maximum number of outgoing queries per client request. Bug Fixes: Fix nsupdate hang when processing a large update. Fix possible assertion failure when reloading server while processing update policy rules. [GL #5006] Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys. Fix improper handling of unknown directives in resolv.conf. Upstream Release Notes

Topics%20covered

Topics Covered

security advisory fedora service update dns flooding fix rdata limits

Change Log

* Sun Feb 2 2025 Petr Menšík - 32:9.18.33-1 - Update to 9.16.33 (rhbz#2342784) * Fri Jan 17 2025 Petr Menšík - 32:9.18.32-4 - Add sysusers named user creation (rhbz#2105415) * Thu Dec 12 2024 Petr Menšík - 32:9.18.32-1 - Update to 9.18.32 (#2331675) - Remove CHANGES file from package - Disable DLZ plugins, they are not shipped with bind anymore
- Add new root key 38696 into package files too * Thu Dec 12 2024 Petr Menšík - 32:9.18.31-3 - Disable temporarily PDF generation on all platforms * Wed Dec 4 2024 Petr Menšík - 32:9.18.31-2 - Add nsupdate TLS support (FREEIPA-11706) - Include a test for nsupdate changes * Thu Nov 14 2024 Petr Menšík - 32:9.18.31-1 - Update to 9.18.31 (#2319214) * Thu Nov 14 2024 Petr Menšík - 32:9.18.30-3 - Bump obsoleted license version (rhbz#2308102) * Tue Oct 8 2024 Petr Menšík - 32:9.18.30-2 - Make OpenSSL engine support optional

References


[ 1 ] Bug #2319214 - bind-9.18.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=2319214 [ 2 ] Bug #2331675 - bind-9.18.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=2331675 [ 3 ] Bug #2342784 - bind-9.18.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2342784 [ 4 ] Bug #2342883 - CVE-2024-12705 bind: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342883 [ 5 ] Bug #2342891 - CVE-2024-11187 bind: Many records in the additional section cause CPU exhaustion [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342891

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3551f3ba1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: bind
Product: Fedora 41
Version: 9.18.33
Release: 1.fc41
URL: https://www.isc.org/bind/
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

Topics%20covered

Topics Covered

security advisory fedora service update dns flooding fix rdata limits

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here