View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000475 | AlmaLinux-8 | bind | public | 2024-08-28 14:19 | 2024-08-31 03:21 |
Reporter | rabah | Assigned To | |||
Priority | high | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
OS | AlmaLinux | OS Version | 8.10 | ||
Summary | 0000475: Bug Report: BIND Update Issue. | ||||
Description | Update for BIND on RHEL 8 (Issued: 2024-08-19). The update addresses two CVEs: CVE-2024-1737, CVE-2024-1975. Issue Observed: After applying this update, BIND fails to function correctly when handling a zone file containing approximately 300 or more entries. Affected Version: BIND version 9.11.36-RedHat-9.11.36-16.el8_10.2. Environment: AlmaLinux 8.10 (Cerulean Leopard). Temporary Resolution: Downgrading BIND to version 9.11.36-RedHat-9.11.36-14.el8_10 resolves the issue. | ||||
Steps To Reproduce | 1. Apply the BIND update to version 9.11.36-RedHat-9.11.36-16.el8_10.2. 2. Use a zone file with approximately 300 entries or more. 3. Restart the service. 4. Observe that the service fails to function correctly. | ||||
Additional Information | It appears that the limit on the number of records is hardcoded into the BIND package by RHEL and can't be changed without manually rebuilding it. Unfortunately, in version 9.11, these limits can only be set at compile time because the BIND developers chose not to backport the 'max-types-per-name' and 'max-records-per-type' options. | ||||

There are two environment variables, DNS_RBTDB_MAX_RTYPES and DNS_RDATASET_MAX_RECORDS, that you can use to change the limit. https://gitlab.com/redhat/centos-stream/rpms/bind/-/blob/c8s/bind-9.11-CVE-2024-1737-runtime-env.patch
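
Added example, not part of the ticket or of the BIND package: a Python check that counts records per owner name and type (the quantity DNS_RDATASET_MAX_RECORDS concerns) and types per owner name (DNS_RBTDB_MAX_RTYPES), so you can see which RRsets in a zone exceed a given limit before raising it. The parser is simplified (one record per line, no parenthesised multi-line records, no `$INCLUDE` or `$GENERATE`, no `;` inside quoted strings); the function names, the sample zone and the limit of 100 are assumptions.

```python
import re
from collections import Counter, defaultdict

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^(\d+[smhdw]?)+$", re.IGNORECASE)

def rrset_counts(zone_text, origin="."):
    """Return (records per (owner, type), set of types per owner)."""
    per_rrset, types_per_name = Counter(), defaultdict(set)
    owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue                              # $TTL etc. carry no records
        if not raw[0].isspace():                  # leading blank = previous owner
            owner = fields.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = owner + "." + origin.lstrip(".")
        while fields and (TTL_RE.match(fields[0]) or fields[0].upper() in CLASSES):
            fields.pop(0)                         # skip optional TTL and class
        if not fields:
            continue
        key, rtype = owner.lower(), fields[0].upper()
        per_rrset[(key, rtype)] += 1
        types_per_name[key].add(rtype)
    return per_rrset, types_per_name

def over_limit(zone_text, origin, max_records, max_types):
    """List RRsets with more than max_records and names with more than max_types."""
    per_rrset, types = rrset_counts(zone_text, origin)
    big_rrsets = sorted((n, t, c) for (n, t), c in per_rrset.items() if c > max_records)
    big_names = sorted((n, len(ts)) for n, ts in types.items() if len(ts) > max_types)
    return big_rrsets, big_names

# Constructed sample zone: 120 A records on one name, using documentation addresses.
SAMPLE = ("$ORIGIN example.com.\n$TTL 3600\n@ IN SOA ns1 admin 1 3600 600 86400 300\n"
          "@ IN NS ns1\nns1 IN A 192.0.2.1\n"
          + "".join(f"pool 60 IN A 198.51.100.{i}\n" for i in range(1, 121))
          + '     IN TXT "same owner as pool"\n')

if __name__ == "__main__":
    print(over_limit(SAMPLE, ".", 100, 100))      # 100 is an assumed limit
```

Run it against the real zone text with the limit your build enforces; any RRset it lists is a candidate for the load failure described in this ticket.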