CVE-2023-29483
Description
Moderate: python-dns security update
Description
dnspython: denial of service in stub resolver
Red Hat statement
The vulnerability in dnspython where it may accept a malicious DNS response over a legitimate one due to timing issues poses a moderate severity risk. While the impact is limited to potential denial of service for DNS resolution requests, it requires precise timing and the ability to send malicious responses before legitimate ones arrive. This attack vector relies on the attacker's ability to predict or manipulate the timing of DNS responses, making it more complex to exploit compared to other vulnerabilities. However, if successfully exploited, it can disrupt DNS resolution services, affecting the availability of the targeted domain or service.
CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-automation-platform-24/ee-supported-rhel8:1.0.0-661 | RHSA-2024:3483 | 2024-05-30T00:00:00Z |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | ansible-automation-platform-24/ee-supported-rhel9:1.0.0-660 | RHSA-2024:3483 | 2024-05-30T00:00:00Z |
| Red Hat Enterprise Linux 8 | python-dns-0:1.15.0-12.el8_10 | RHSA-2024:3275 | 2024-05-22T00:00:00Z |
| Red Hat Enterprise Linux 9 | python-dns-0:2.6.1-3.el9 | RHSA-2024:9423 | 2024-11-12T00:00:00Z |
| Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ironic-rhel9:v4.13.0-202407230838.p0.g0456ffe.assembly.stream.el9 | RHSA-2024:4846 | 2024-07-31T00:00:00Z |
| Red Hat OpenShift Container Platform 4.14 | openshift4/ose-ironic-rhel9:v4.14.0-202407301840.p0.g2d4e89c.assembly.stream.el9 | RHSA-2024:4960 | 2024-08-07T00:00:00Z |
| Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ironic-rhel9:v4.15.0-202407181606.p0.gea6d005.assembly.stream.el9 | RHSA-2024:4699 | 2024-07-25T00:00:00Z |
| Red Hat OpenShift Container Platform 4.16 | python-eventlet-0:0.33.1-6.el9 | RHSA-2024:0045 | 2024-06-27T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Ansible Automation Platform 2 | aap-cloud-metrics-collector-container | Affected |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel9 | Not affected |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ansible-builder-rhel8 | Not affected |
| Red Hat Enterprise Linux 10 | python-dns | Not affected |
| Red Hat Enterprise Linux 7 | python-dns | Out of support scope |
| Red Hat Enterprise Linux 8 | python27:2.7/python-dns | Will not fix |
| Red Hat OpenStack Platform 17.1 | python-eventlet | Will not fix |
Apply commands
# RHEL 8 / RHEL 9 hosts: update the binary package built from the python-dns source package listed in the errata table (python3-dns)
yum update -y python3-dns
# or:
dnf upgrade -y python3-dns
# Ansible Automation Platform and OpenShift fixes ship as rebuilt container images (see the Advisory column above), not as a host package
Affected
| Vendor | Product | Status |
|---|---|---|
| redhat | Red Hat Ansible Automation Platform 2 | Affected |
| redhat | Red Hat Ansible Automation Platform 2 | Not affected |
| redhat | Red Hat Ansible Automation Platform 2 | Not affected |
| redhat | Red Hat Ansible Automation Platform 2 | Not affected |
| redhat | Red Hat Ansible Automation Platform 2 | Not affected |
| redhat | Red Hat Enterprise Linux 10 | Not affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.6.0-1 |
| sid | Fixed | 2.6.0-1 |
| forky | Fixed | 2.6.0-1 |
| bullseye | Affected | - |
| bookworm | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | python3-dns-2.6.1-3.el9.noarch.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-29483
- https://github.com/eventlet/eventlet/issues/913
- https://github.com/rthalley/dnspython/issues/1045
- https://github.com/eventlet/eventlet/commit/51e3c4928d4938beb576eff34f3bf97e6e64e6b4
- https://github.com/rthalley/dnspython/commit/0ea5ad0a4583e1f519b9bcc67cfac381230d9cf2
- https://github.com/eventlet/eventlet
- https://github.com/eventlet/eventlet/releases/tag/v0.35.2
- https://github.com/rthalley/dnspython/releases/tag/v2.6.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF
- https://security.netapp.com/advisory/ntap-20240510-0001
- https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713
- https://www.dnspython.org
- https://access.redhat.com/errata/RHSA-2024:9423
- https://security-tracker.debian.org/tracker/CVE-2023-29483
- https://www.suse.com/security/cve/CVE-2023-29483.html
- https://errata.rockylinux.org/RLSA-2024:9423
- https://access.redhat.com/errata/RHSA-2024:3275
- https://bugzilla.redhat.com/2274520
- https://errata.almalinux.org/8/ALSA-2024-3275.html
- https://errata.almalinux.org/9/ALSA-2024-9423.html
- https://errata.rockylinux.org/RLSA-2024:3275