Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 41: FEDORA-2025-3551f3ba1b critical: DNS flooding fixes

fedora
Calendar Grey February 12, 2025
Dist Fedora Esm H88
Fedora 41 security update: recent improvements to bind-dyndb-ldap addressing DNS flooding vulnerabilities and introducing new functionalities.
Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes

Summary

This package provides an LDAP back-end plug-in for BIND. It features

support for dynamic updates and internal caching, to lift the load

off of your LDAP server.

Update Information:

Update to 9.16.33 (#2342784) Security Fixes: DNS-over-HTTPS flooding fixes. (CVE-2024-12705) Limit additional section processing for large RDATA sets. (CVE-2024-11187) New Features: Add a new option to configure the maximum number of outgoing queries per client request. Bug Fixes: Fix nsupdate hang when processing a large update. Fix possible assertion failure when reloading server while processing update policy rules. [GL #5006] Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys. Fix improper handling of unknown directives in resolv.conf. Upstream Release Notes

Topics%20covered

Topics Covered

security advisory software update Fedora DNS authentication security fixes flooding

Change Log

* Mon Feb 3 2025 Petr Menšík - 11.10-33 - Rebuilt for BIND 9.16.33 (rhbz#2342784) * Thu Nov 14 2024 Petr Menšík - 11.10-32 - Rebuilt for BIND 9.18.31 (rhbz#2319214)

References


[ 1 ] Bug #2319214 - bind-9.18.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=2319214 [ 2 ] Bug #2331675 - bind-9.18.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=2331675 [ 3 ] Bug #2342784 - bind-9.18.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2342784 [ 4 ] Bug #2342883 - CVE-2024-12705 bind: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342883 [ 5 ] Bug #2342891 - CVE-2024-11187 bind: Many records in the additional section cause CPU exhaustion [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2342891

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3551f3ba1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bind-dyndb-ldap
Product: Fedora 41
Version: 11.10
Release: 33.fc41
URL: https://releases.pagure.org/bind-dyndb-ldap
Summary: LDAP back-end plug-in for BIND

Topics%20covered

Topics Covered

security advisory software update Fedora DNS authentication security fixes flooding

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here