This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-35. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # low, medium, high, urgent (required) severity=medium # testing, stable request=testing # Bug numbers: 1234,9876 bugs=2064512,2072541 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new
Wanted to double-check dhcp is really affected by this bind bug and yes, dhcp can call the fixed answer_response() function through: dns_client_startupdate -> startupdate -> send_update -> update_done -> dns_request_getresponse -> dns_message_parse -> getquestions -> findname -> fctx_finddone -> fctx_try -> fctx_query -> resquery_send -> resquery_response -> answer_response dns_client_startupdate() gets called by dhclient & dhcpd (tested on rhel8 as bind libs are still dynamically loaded there): ~~~ # readelf --dyn-syms --wide /usr/sbin/dhcpd | grep dns_client_startupdate 165: 0000000000000000 0 FUNC GLOBAL DEFAULT UND dns_client_startupdate # readelf --dyn-syms --wide /usr/sbin/dhclient | grep dns_client_startupdate 111: 0000000000000000 0 FUNC GLOBAL DEFAULT UND dns_client_startupdate # ~~~ Functions calling this function: dns_client_startupdate File Function Line 0 bind-9.11.36/lib/dns/client.c dns_client_update 2773 result = dns_client_startupdate(client, rdclass, zonename, 1 dhcp-4.4.3/common/dns.c trace_ddns_output_write 498 result = dns_client_startupdate(client, rdclass, zonename, C symbol: trace_ddns_output_write File Function Line 0 dhcp-4.4.3/common/dns.c trace_ddns_output_write 436 trace_ddns_output_write(dns_client_t *client, dns_rdataclass_t rdclass, 1 dhcp-4.4.3/common/dns.c ddns_update 549 #define ddns_update trace_ddns_output_write Functions calling this function: ddns_update File Function Line 0 dhcp-4.4.3/common/dns.c ddns_modify_fwd 2727 result = ddns_update(dhcp_gbl_ctx.dnsclient, 1 dhcp-4.4.3/common/dns.c ddns_modify_ptr 2922 result = ddns_update((dns_client_t *)dhcp_gbl_ctx.dnsclient, Functions calling this function: ddns_modify_fwd File Function Line 0 dhcp-4.4.3/client/dhclient.c client_dns_remove_action 5573 result = ddns_modify_fwd(ddns_cb, MDL); 1 dhcp-4.4.3/client/dhclient.c client_dns_update_action 5770 result = ddns_modify_fwd(ddns_cb, MDL); 2 dhcp-4.4.3/client/dhclient.c client_dns_update 5943 rcode = ddns_modify_fwd(ddns_cb, MDL); 3 dhcp-4.4.3/common/dns.c ddns_interlude 2485 result = ddns_modify_fwd(ddns_cb, MDL); ... a dhcp-4.4.3/server/ddns.c ddns_fwd_srv_add2 1482 result = ddns_modify_fwd(ddns_cb, MDL); b dhcp-4.4.3/server/ddns.c ddns_fwd_srv_add1 1566 result = ddns_modify_fwd(ddns_cb, MDL); c dhcp-4.4.3/server/ddns.c ddns_fwd_srv_connector 1709 result = ddns_modify_fwd(ddns_cb, MDL); d dhcp-4.4.3/server/ddns.c ddns_fwd_srv_rem1 1828 result = ddns_modify_fwd(ddns_cb, MDL); e dhcp-4.4.3/server/ddns.c ddns_fwd_srv_rem1 1849 result = ddns_modify_fwd(ddns_cb, MDL); f dhcp-4.4.3/server/ddns.c ddns_removals 2158 rcode = ddns_modify_fwd(ddns_cb, MDL);
FEDORA-2022-3f293290c3 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f293290c3
FEDORA-2022-a88218de5c has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-a88218de5c
FEDORA-2022-3f293290c3 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-3f293290c3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f293290c3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-a88218de5c has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-a88218de5c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-a88218de5c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-a88218de5c has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-3f293290c3 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.