A flaw was found in Bind. A failure to free memory can occur when processing messages having a specific combination of EDNS options, causing named's memory use to grow without bounds until all memory is exhausted.
Created bind tracking bugs for this issue:
Affects: fedora-all [bug 1679925]
Created bind99 tracking bugs for this issue:
Affects: fedora-all [bug 1679926]
Ok, Fedora bugs are already prepared, it is public. Patches apply well to 9.11 bind in RHEL8. Where are bugs for RHEL?
Upstream advisory notes the following versions as being affected by this issue:
9.10.7 -> 9.10.8-P1
9.11.3 -> 9.11.5-P1
9.12.0 -> 9.12.3-P1
9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition
9.13.0 -> 9.13.6 of the 9.13 development branch
The versions of bind as shipped in Red Hat Enterprise Linux are based on older upstream versions - 9.9.4 for Red Hat Enterprise Linux 7 and 9.8.2 for Red Hat Enterprise Linux 6.
Related upstream commits (on 9.11 branch):
The patch changes the code introduced in the following commit:
This functionality was introduced in upstream versions 9.11.3 and 9.10.7:
which matches the list of affected versions as noted in comment 5 above. This functionality does not exist in the bind packages in Red Hat Enterprise Linux 7 and earlier.
Versions of bind package shipped with Red Hat Enterprise Linux 5, 6, and 7 did not ship the vulnerable code and therefore are not affected by this flaw. For more details please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1679299#c7