--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-75d5f6c531
2021-12-17 01:10:41.102382
--------------------------------------------------------------------------------
Name : ldns
Product : Fedora 35
Version : 1.8.1
Release : 3.fc35
URL :
https://www.nlnetlabs.nl/ldns/
Summary : Low-level DNS(SEC) library with API
Description :
ldns is a library with the aim to simplify DNS programming in C. All
low-level DNS/DNSSEC operations are supported. We also define a higher
level API which allows a programmer to (for instance) create or sign
packets.
--------------------------------------------------------------------------------
Update Information:
Rebase to 1.8.1 - fixes few security bugs (#2028468,#2028465,#2028472), enable
svcb and https record type support
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 8 2021 Richard Lescak <rlescak(a)redhat.com> - 1.8.1-3
- Replaced 'make_build' macro with 'make' to prevent build from failing
* Mon Dec 6 2021 Petr Men����k <pemensik(a)redhat.com> - 1.8.1-2
- Enable svcb and https record type support
- Remove multilib conflict in ldns-devel
* Mon Dec 6 2021 Paul Wouters <paul.wouters(a)aiven.io> - 1.8.1-1
- Resolves: rhbz#2028465 Heap out-of-bound read vulnerability in rr_frm_str_internal
function
- Resolves: rhbz#2028468 Heap out-of-bound read vulnerability in ldns_nsec3_salt_data
function
- Resolves: rhbz#2028472 Fixed time memory compare for Openssl 0.9.8
* Mon Oct 11 2021 Richard Lescak <rlescak(a)redhat.com> - 1.7.1-10
- Added patch for failing rebuild with OpenSSL 3.0.0 (#2010601)
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 1.7.1-9
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2028465 - ldns: Heap out-of-bound read vulnerability in rr_frm_str_internal
function
https://bugzilla.redhat.com/show_bug.cgi?id=2028465
[ 2 ] Bug #2028468 - ldns: Heap out-of-bound read vulnerability in ldns_nsec3_salt_data
function
https://bugzilla.redhat.com/show_bug.cgi?id=2028468
[ 3 ] Bug #2028472 - ldns: Fixed time memory compare for Openssl 0.9.8
https://bugzilla.redhat.com/show_bug.cgi?id=2028472
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-75d5f6c531' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------