FEDORA-2018-f22b937f52

security update in Fedora 28 for bind

Status: stable a year ago
  • Update to bind-9.11.4-P2
  • Add /dev/urandom to chroot (#1631515)
  • Fix multilib conflicts of devel package
  • Add support for OpenSSL provided random data

How to install

sudo dnf upgrade --advisory=FEDORA-2018-f22b937f52

Comments 18

This update has been submitted for testing by pemensik.

This update has been pushed to testing.

pemensik edited this update.

New build(s):

  • bind-9.11.4-10.P2.fc28

Removed build(s):

  • bind-9.11.4-9.P2.fc28

Karma has been reset.

This update has been submitted for testing by pemensik.

This update has been pushed to testing.

I got the following error involving bind-export-libs-32:9.11.4-9.P2.fc28 when running sudo dnf upgrade --refresh

    ...
    Cleanup : bind-export-libs-32:9.11.4-9.P2.fc28.i686 71/72
    Running scriptlet: bind-export-libs-32:9.11.4-9.P2.fc28.i686 71/72
    /sbin/ldconfig: relative path `1' used to build cache
    warning: %postun(bind-export-libs-32:9.11.4-9.P2.fc28.i686) scriptlet failed, exit status 1
    Non-fatal POSTUN scriptlet failure in rpm package bind-export-libs
    Non-fatal POSTUN scriptlet failure in rpm package bind-export-libs

I don't remember seeing that error with the bind-9.11.4-9.P2.fc28 update.

The urandom device in chroot environment is being created using the wrong selinux type, which is preventing named-chroot service from starting.

karma: -1 #1631515: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

works for me in a VM

karma: +1

works for me

karma: +1

Works great! LGTM! =)

karma: +1

no regressions noted

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

No issues found with the utils.

karma: +1

I admit the fix is incomplete. Because the update is already pushed into f29 and it cannot be fixed just inside bind, I will push this update anyway. It fixes at least the named service, but named-chroot still requires manual intervention. Please check https://bugzilla.redhat.com/show_bug.cgi?id=1631515#c16 for a workaround. The last bug is reopened and would receive another update.

#1631515: -1

This update has been submitted for batched by pemensik.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +4 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates:
  • submitted a year ago
  • in testing a year ago
  • in stable a year ago
  • modified a year ago

Related Bugs 4

00 #1580200 Missing IDNA handling in host(1) for reverse DNS (and different output at forward DNS)
00 #1631131 CVE-2018-5741 bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies
00 #1631132 CVE-2018-5741 bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies [fedora-all]
-20 #1631515 bind-chroot: OpenSSL pseudorandom number generator cannot be initialized
