As per upstream report: DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail. DNAME records are processed by both authoritative and recursive servers. For authoritative servers, the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing recursion, such a record is processed in the course of a query sent to an authoritative server.
Acknowledgments: Name: ISC Upstream: Siva Kakarla
Created attachment 1775848 [details] Patch against 9.11
External References: https://kb.isc.org/docs/cve-2021-25215
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1954903]
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2021:1468 https://access.redhat.com/errata/RHSA-2021:1468
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1469 https://access.redhat.com/errata/RHSA-2021:1469
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-25215
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2021:1476 https://access.redhat.com/errata/RHSA-2021:1476
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:1475 https://access.redhat.com/errata/RHSA-2021:1475
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:1479 https://access.redhat.com/errata/RHSA-2021:1479
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:1477 https://access.redhat.com/errata/RHSA-2021:1477
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:1478 https://access.redhat.com/errata/RHSA-2021:1478
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1989 https://access.redhat.com/errata/RHSA-2021:1989
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2028 https://access.redhat.com/errata/RHSA-2021:2028
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2024 https://access.redhat.com/errata/RHSA-2021:2024