[SECURITY] Fedora 37 Update: bind-dyndb-ldap-11.10-17.fc37

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-87502c4a93 2023-10-11 01:33:15.490299 -------------------------------------------------------------------------------- Name : bind-dyndb-ldap Product : Fedora 37 Version : 11.10 Release : 17.fc37 URL : https://releases.pagure.org/bind-dyndb-ldap Summary : LDAP back-end plug-in for BIND Description : This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. -------------------------------------------------------------------------------- Update Information: # BIND 9.18.19 ##Security Fixes - Previously, sending a specially crafted message over the control channel could cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. This has been fixed. ([CVE-2023-3341](https://access.redhat.com/security/cve/CVE-2023-3341)) - A flaw in the networking code handling DNS-over-TLS queries could cause named to terminate unexpectedly due to an assertion failure under significant DNS-over- TLS query load. This has been fixed. ([CVE-2023-4236](https://access.redhat.com/security/cve/CVE-2023-4236)) - [Upstream release notes](https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/htm l/notes.html#notes-for-bind-9-18-19) -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 25 2023 Petr Men����k <pemensik(a)redhat.com&gt; - 11.10-17 - Support for bind 9.18.19 (#2232346) - Require autoconf-archive at build time -------------------------------------------------------------------------------- References: [ 1 ] Bug #2232346 - bind-9.18.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=2232346 [ 2 ] Bug #2239874 - CVE-2023-3341 bind: insufficient input validation may lead to DoS [fedora-37] https://bugzilla.redhat.com/show_bug.cgi?id=2239874 [ 3 ] Bug #2239877 - CVE-2023-4236 bind: an assertion failure may lead to DoS [fedora-37] https://bugzilla.redhat.com/show_bug.cgi?id=2239877 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-87502c4a93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------