View Issue Details

ID: 0000475
Project: AlmaLinux-8
Category: bind
View Status: public
Last Update: 2024-08-31 03:21
Reporter: rabah
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
OS: AlmaLinux
OS Version: 8.10
Summary: 0000475: Bug Report: BIND Update Issue.

Description:
Update for BIND on RHEL 8 (Issued: 2024-08-19)

The update addresses two CVEs:

- CVE-2024-1737
- CVE-2024-1975

Issue Observed: After applying this update, BIND fails to function correctly when handling a zone file containing approximately 300 or more entries.

Affected Version: BIND version 9.11.36-RedHat-9.11.36-16.el8_10.2.

Environment: AlmaLinux 8.10 (Cerulean Leopard).

Temporary Resolution: Downgrading BIND to version 9.11.36-RedHat-9.11.36-14.el8_10 resolves the issue.

Steps To Reproduce:
1. Apply the BIND update to version 9.11.36-RedHat-9.11.36-16.el8_10.2.
2. Use a zone file with approximately 300 entries or more.
3. Restart the service.
4. Observe that the service fails to function correctly.

Additional Information:
It appears that the limit on the number of records is hardcoded into the BIND package by RHEL and can't be changed without manually rebuilding it. Unfortunately, in version 9.11, these limits can only be set at compile time because the BIND developers chose not to backport the 'max-types-per-name' and 'max-records-per-type' options.

Tags: No tags attached.

Activities

pastalian

2024-08-31 03:21

reporter   ~0001059

There are two environment variables, DNS_RBTDB_MAX_RTYPES and DNS_RDATASET_MAX_RECORDS, that you can use to change the limit.
https://gitlab.com/redhat/centos-stream/rpms/bind/-/blob/c8s/bind-9.11-CVE-2024-1737-runtime-env.patch
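
To find which names in a zone would run into per-type record limits or per-name type limits like the ones discussed in this issue, the following added example (not part of the report, the note above, or the Red Hat patch) counts records per owner name and type in a zone file. The thresholds of 100, the function names and the sample zone are assumptions made for illustration; the parser covers only a simple subset of master-file syntax.

```python
import re
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[smhdw]?)+", re.I)

def rrset_sizes(zone_text, origin):
    """Count records per (owner, type) in a simple master-file zone."""
    counts, owner, depth = defaultdict(int), origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]        # drop comments (quoted ';' not handled)
        fields = line.split()
        inside = depth > 0                 # continuation of a ( ... ) record
        depth += line.count("(") - line.count(")")
        if inside or not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        if not raw[0].isspace():           # leading blank: same owner as previous record
            name = fields.pop(0)
            if name == "@":
                owner = origin
            else:
                owner = name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].upper() in CLASSES or TTL.fullmatch(fields[0])):
            fields.pop(0)                  # optional TTL and class, in either order
        if fields:
            counts[(owner.lower(), fields[0].upper())] += 1
    return counts

def over_limit(zone_text, origin, max_records, max_types):
    """Return (oversized RRsets, names with too many types) for the given limits."""
    sizes = rrset_sizes(zone_text, origin)
    big = {key: n for key, n in sizes.items() if n > max_records}
    types = defaultdict(set)
    for name, rtype in sizes:
        types[name].add(rtype)
    many = {name: len(t) for name, t in types.items() if len(t) > max_types}
    return big, many

# Constructed sample zone: 120 A records on one name, everything else small.
SAMPLE = "\n".join(
    ["$ORIGIN example.com.", "$TTL 300", "@ IN SOA ns1 hostmaster (",
     "    1 3600 600 86400 300 )", "@ IN NS ns1", "ns1 IN A 192.0.2.1",
     " IN AAAA 2001:db8::1"] + [f"pool IN A 192.0.2.{i}" for i in range(2, 122)])

if __name__ == "__main__":
    big, many = over_limit(SAMPLE, "example.com.", 100, 100)  # assumed thresholds
    for (name, rtype), n in sorted(big.items()):
        print(f"{name} {rtype}: {n} records")
```

Set the two thresholds to the values your installed package actually enforces before relying on the output.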

Issue History

Date Modified | Username | Field | Change
2024-08-28 14:19 | rabah | New Issue |
2024-08-31 03:21 | pastalian | Note Added: 0001059 |