Bug 2218464

Summary: push 9.18.16 to stable - CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911
Product: [Fedora] Fedora
Reporter: customercare
Component: bind
Assignee: Petr Menšík <pemensik>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Docs Contact:
Priority: unspecified
Version: 37
CC: anon.amish, dns-sig, mruprich, pemensik, vonsch, zdohnal
Target Milestone: ---
Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://kb.isc.org/v1/docs/cve-2023-2828
Last Closed: 2023-07-01 04:28:07 UTC
Type: ---
Bug Depends On: 2216627, 2216630    
Bug Blocks:    

Description customercare 2023-06-29 09:07:06 UTC
Hi,

"Tracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, these high-severity issues could be exploited to exhaust the available memory, or could cause named – BIND’s daemon that functions both as a recursive resolver and as an authoritative name server – to crash."

9.18.16-1 fc37 is now running on our central DNS cache server, with no issues yet.
I suggest pushing it to stable now instead of waiting for the 14d autocommit, as the DoS risk is high.

Reproducible: Always

Comment 1 Petr Menšík 2023-07-01 04:27:09 UTC
CVE-2023-2829 does not affect any Fedora release. Pushed already to stable.

Comment 2 Petr Menšík 2023-07-01 04:28:07 UTC

*** This bug has been marked as a duplicate of bug 2216462 ***