The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython happens to be using for that single query.
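The failure mode in the description above, modelled as an added example; it is not dnspython's code and not part of this bug report. All function names and the sample datagrams are assumptions constructed for illustration, and validation is reduced to the DNS header (query ID and QR bit). The first receive loop lets one bad datagram from the expected address and port fail the query; the second discards it and keeps listening until the deadline.

```python
import socket
import struct
import time

def datagrams_until(sock, deadline):
    """Yield (payload, source) pairs from a UDP socket until the deadline."""
    while (remaining := deadline - time.monotonic()) > 0:
        sock.settimeout(remaining)
        try:
            yield sock.recvfrom(65535)
        except socket.timeout:
            return

def check(payload, qid):
    """Raise ValueError unless payload has a full DNS header, QR=1 and our ID."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", payload[:4])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to this query")

def fragile_wait(datagrams, server, qid):
    """Failure mode: the first datagram from the server's address decides."""
    for payload, source in datagrams:
        if source == server:
            check(payload, qid)      # a forged bad packet aborts the query here
            return payload
    raise TimeoutError("no response")

def tolerant_wait(datagrams, server, qid):
    """Hardened: drop bad datagrams and keep listening until the deadline."""
    for payload, source in datagrams:
        if source != server:
            continue
        try:
            check(payload, qid)
        except ValueError:
            continue                 # ignore it, the real answer may follow
        return payload
    raise TimeoutError("no valid response before deadline")

# Constructed sample traffic (not from the page): one junk datagram, one
# wrong-ID response, then the genuine response, all from the same source.
SERVER, QID = ("192.0.2.53", 53), 0x1A2B
FORGED_JUNK = b"\x00\x01"
FORGED_ID = struct.pack("!HHHHHH", 0x9999, 0x8180, 1, 0, 0, 0)
GENUINE = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)
TRAFFIC = [(FORGED_JUNK, SERVER), (FORGED_ID, SERVER), (GENUINE, SERVER)]
```

On a live socket, pass `datagrams_until(sock, time.monotonic() + timeout)` as the `datagrams` argument.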
Created python-dnslib tracking bugs for this issue:
Affects: fedora-all [bug 2274521]
Opened by mistake. Closing.
References:
https://www.dnspython.org/news/2.6.0rc1/
https://github.com/rthalley/dnspython/commit/f66e25b5f549acf66d1fb6ead13eb3cff7d09af3 (v2.6.0rc1)
https://github.com/rthalley/dnspython/commit/e093299a49967696b1c58b68e4767de5031a3e46 (v2.6.0)
https://github.com/rthalley/dnspython/issues/1051#issuecomment-1949383928
https://github.com/eventlet/eventlet/issues/913
https://github.com/eventlet/eventlet/releases/tag/v0.35.2
Created 2ping tracking bugs for this issue:
Affects: fedora-all [bug 2274682]
Created python-b4 tracking bugs for this issue:
Affects: epel-all [bug 2274681]
Created python-dns tracking bugs for this issue:
Affects: fedora-all [bug 2274685]
Created python3.11-dns-epel tracking bugs for this issue:
Affects: epel-all [bug 2274683]
Created python39-dns tracking bugs for this issue:
Affects: epel-all [bug 2274684]
Why is the python-b4 bug cut? As you can see it just BuildRequires and Requires python3dist(dnspython) - it does not bundle it. Fixing dnspython would be sufficient.
❯ fedrq pkgs --src python-b4 -F requires
python3-devel
python3dist(packaging)
pyproject-rpm-macros
python3dist(wheel)
python3dist(pytest)
gnupg2
python3dist(pip) >= 19
(python3dist(tomli) if python3-devel < 3.11)
python3dist(setuptools) >= 40.8
(python3dist(requests) < 3~~ with python3dist(requests) >= 2.24)
(python3dist(dkimpy) < 2~~ with python3dist(dkimpy) >= 1)
(python3dist(dnspython) < 3~~ with python3dist(dnspython) >= 2.1)
(python3dist(git-filter-repo) < 3~~ with python3dist(git-filter-repo) >= 2.30)
(python3dist(patatt) < 2~~ with python3dist(patatt) >= 0.6)
❯ fedrq pkgs b4 -F requires
/usr/bin/python3
python(abi) = 3.12
(python3.12dist(requests) < 3~~ with python3.12dist(requests) >= 2.24)
(python3.12dist(dkimpy) < 2~~ with python3.12dist(dkimpy) >= 1)
(python3.12dist(dnspython) < 3~~ with python3.12dist(dnspython) >= 2.1)
(python3.12dist(git-filter-repo) < 3~~ with python3.12dist(git-filter-repo) >= 2.30)
(python3.12dist(patatt) < 2~~ with python3.12dist(patatt) >= 0.6)
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:3275 https://access.redhat.com/errata/RHSA-2024:3275
This issue has been addressed in the following products:
Red Hat Ansible Automation Platform 2.4 for RHEL 8
Red Hat Ansible Automation Platform 2.4 for RHEL 9
Via RHSA-2024:3483 https://access.redhat.com/errata/RHSA-2024:3483