Bug 2218464 - push 9.18.16 to stable - CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911
Summary: push 9.18.16 to stable - CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911
Keywords:
Status: CLOSED DUPLICATE of bug 2216462
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 37
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
URL: https://kb.isc.org/v1/docs/cve-2023-2828
Whiteboard:
Depends On: 2216627 2216630
Blocks:
 
Reported: 2023-06-29 09:07 UTC by customercare
Modified: 2023-07-01 04:28 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-07-01 04:28:07 UTC
Type: ---
Embargoed:



Description customercare 2023-06-29 09:07:06 UTC
Hi,

"Tracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, these high-severity issues could be exploited to exhaust the available memory, or could cause named – BIND’s daemon that functions both as a recursive resolver and as an authoritative name server – to crash."

9.18.16-1 fc37 is now running on our central DNS cache server, with no issues yet.
I suggest pushing it to stable now instead of waiting for the 14d autocommit, as the DoS risk is high.

Reproducible: Always

Comment 1 Petr Menšík 2023-07-01 04:27:09 UTC
CVE-2023-2829 does not affect any Fedora release. Pushed already to stable.

Comment 2 Petr Menšík 2023-07-01 04:28:07 UTC

*** This bug has been marked as a duplicate of bug 2216462 ***

