Issue
Would TuxCare release a fix for CVE-2025-40778 on CentOS 7?
Environment
- CentOS 7 ELS
Solution
The patch from CentOS8 cannot be used with adaptation in the CentOS7 bind due to a major change introduced in the 9.11.26 (CentOS 8) version compared with 9.11.4 (CentOS 7). The essence of the changes is not only bug fixes related to the minor version change, but a complex refactoring which new features are involved in the discussed patch. Our attempts to adapt and apply the patch led to breaking several built tests, making this solution not reliable enough.
In addition, all potential solutions (including Red Hat’s patches) create issues with the cacheclean tests and require further implementation of the updated DNS cookies mechanics.
There are necessary architecture changes that affect DNS caching sufficiently. The proposed changes are constantly breaking tests and are not reliable enough. As a result, it may influence performance or cause delays in production systems. We decided not to fix this CVE for the aforementioned reasons.
Comments
0 comments
Article is closed for comments.