Univention Bugzilla – Bug 29155
bind9: Multiple issues (3.1)
Last modified: 2013-05-30 15:08:36 CEST
+++ This bug was initially created as a clone of Bug #28106 +++
Large volumes of DNSSEC validation requests can lead to a DoS through a faulty assert(). (CVE-2012-3817)
An overly strict assert() allows denial of service against recursive name servers (CVE-2012-4244)
Denial of service in the handling of RDATA records (CVE-2012-5166)
Another vulnerability that is harmless for UCS (the affected option is not enabled in the UCS configuration): DoS in the processing of DNS64 packets (CVE-2012-5688) 2.4 is not affected.
Denial of Service in the DNS64 implementation (CVE-2012-5689) The Bind version in UCS 2.4 is not affected.
Created attachment 5105: updated db.root
This bugfix was part of the Debian Squeeze point update 6.0.7 and should be merged in the next errata update for bind9
DoS through memory consumption in libdns (CVE-2013-2494) (the version from UCS 2.4 is not affected)
(In reply to comment #4)
> DoS through memory consumption in libdns (CVE-2013-2494) (the version from UCS
> 2.4 is not affected)
CVE-2013-2494 is for isc-dhcp (which is not affected in the version (< 4.2) in UCS)
This issue for bind9 is CVE-2013-2266
(In reply to comment #2)
> Denial of Service in the DNS64 implementation (CVE-2012-5689)
There is no code fix available for this issue. ISC only issued a workaround when publishing their advisory: https://kb.isc.org/article/AA-00855
As such, we won't fix it in this security update either (DNS64 and Response Policy Zones aren't used in UCS anyway).
Patches have been extracted and merged into SVN. The package still needs to be built and tested.
Tests with the LDAP and the Samba backend were successful. YAML file has been committed to SVN.
Additional note for QA: The debs and the source have been copied to /var/univention/buildsystem2/apt/ucs_3.1-0-ucs3.1-2
Advisory: OK Installation: OK
Tests (amd64) with ldap and samba4 backend: OK
(In reply to comment #9)
> Additional note for QA:
> The debs and the source have been copied to
> /var/univention/buildsystem2/apt/ucs_3.1-0-ucs3.1-2
OK
http://univention-repository.knut.univention.de/download/errata/ucs/3.1/119.html