Bug 37249 - bind9: Denial of service (ES 3.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 3.2
Hardware/OS: Other Linux
Importance: P5 normal
Target Milestone: UCS 3.1-ES
Assigned To: Arvid Requate
QA Contact: Janek Walkenhorst
Reported: 2014-12-09 06:10 CET by Moritz Muehlenhoff
Modified: 2015-08-07 12:31 CEST (History)

Description Moritz Muehlenhoff univentionstaff 2014-12-09 06:10:03 CET
CVE-2014-8500

Denial of service in delegation handling could lead to denial of service against named.
Comment 1 Arvid Requate univentionstaff 2015-07-30 22:59:15 CEST
* Denial of service via crafted packet due to error in handling TKEY queries triggering a REQUIRE assertion failure (CVE-2015-5477)
Comment 2 Arvid Requate univentionstaff 2015-07-31 14:24:54 CEST
I have cherry-picked bind9 9.8.4-P1 from errata4.0-2 to extsec3.1, but proper testing remains to be done.

We should list the relevant upstream changelogs in the Advisory email:

For the full list of changes from bind9 9.8.0-P4 to 9.8.4-P1 see:
* https://kb.isc.org/article/AA-00446/81/BIND-9.8.1-Release-Notes.html
* https://kb.isc.org/article/AA-00645/81/BIND-9.8.2-Release-Notes.html
* https://kb.isc.org/article/AA-00670/81/BIND-9.8.3-Release-Notes.html
* https://kb.isc.org/article/AA-00797/81/BIND-9.8.4-Release-Notes.html
* https://kb.isc.org/article/AA-00830/81/BIND-9.8.4-P1-Release-Notes.html
Comment 3 Arvid Requate univentionstaff 2015-08-05 15:28:22 CEST
To fix update issues due to new (un)maintained binary packages, I had to add to ucs_3.1-1_i386_dvd.txt:
==============================================================
all/host_9.8.4.dfsg.P1-6+nmu2.112.201507311408_all.deb
i386/libdns88_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb
i386/libisc84_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb
i386/libisccfg82_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb
==============================================================

and to ucs_3.1-1_amd64_dvd.txt:
==============================================================
all/host_9.8.4.dfsg.P1-6+nmu2.112.201507311408_all.deb
amd64/libdns88_9.8.4.dfsg.P1-6+nmu2.112.201507311408_amd64.deb
amd64/libisc84_9.8.4.dfsg.P1-6+nmu2.112.201507311408_amd64.deb
amd64/libisccfg82_9.8.4.dfsg.P1-6+nmu2.112.201507311408_amd64.deb
==============================================================
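The situation in the comment above (a cherry-picked bind9 that introduces new binary package names such as libdns88, libisc84 and libisccfg82, plus host as an architecture-independent package, none of which the DVD package lists know about) is easy to get wrong by hand for several architectures. The following is an added example written for this page; it is not code from the bug report, from Univention or from the UCS updater. It assumes the list-file format is one relative .deb path per line as shown above, and that an entry counts as present when the binary package name exists under the matching architecture directory regardless of its version (this is an assumption about what the updater checks). The "before" listing, the old version string and the bind9/dnsutils entries are constructed sample data; the fixed version string and the four expected entries are taken from the comment.

```python
"""Check a UCS DVD package list for the binary packages of a cherry-picked
bind9 source version and emit the lines that must be appended.

Added example for this bug page; not Univention code. The old listing below
is constructed sample data, the fixed version comes from the comment above.
"""
import re
from typing import Dict, List, Set, Tuple

# Version of the cherry-picked bind9 build from the comment above.
FIXED_VERSION = "9.8.4.dfsg.P1-6+nmu2.112.201507311408"

# Binary packages the new source version produces. 'all' marks an
# architecture-independent package, 'any' an architecture-specific one.
# bind9/dnsutils are assumed to have been on the DVD already; the other
# four are the ones the comment had to add.
BIND9_BINARIES: Dict[str, str] = {
    "bind9": "any",
    "dnsutils": "any",
    "host": "all",
    "libdns88": "any",
    "libisc84": "any",
    "libisccfg82": "any",
}

# Constructed excerpt of ucs_3.1-1_i386_dvd.txt before the update. The old
# version string and the libdns81 SONAME are placeholders, not real history.
OLD_LIST_I386 = """\
# constructed excerpt, pre-update
i386/bind9_9.8.0.dfsg.P4-1.example_i386.deb
i386/dnsutils_9.8.0.dfsg.P4-1.example_i386.deb
i386/host_9.8.0.dfsg.P4-1.example_i386.deb
i386/libdns81_9.8.0.dfsg.P4-1.example_i386.deb
"""
OLD_LIST_AMD64 = OLD_LIST_I386.replace("i386", "amd64")

# Debian binary package filename: name_version_arch.deb. The package name
# cannot contain '_', so the first '_' always terminates it.
DEB_RE = re.compile(
    r"^(?P<name>[a-z0-9][a-z0-9+.-]*)_(?P<version>[^_/]+)_(?P<arch>[a-z0-9-]+)\.deb$"
)


def parse_deb_filename(entry: str) -> Tuple[str, str, str]:
    """Return (name, version, arch) for an entry such as
    'i386/libdns88_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb'."""
    filename = entry.strip().rsplit("/", 1)[-1]
    m = DEB_RE.match(filename)
    if m is None:
        raise ValueError(f"not a Debian binary package filename: {entry!r}")
    return m.group("name"), m.group("version"), m.group("arch")


def listed_packages(listing: str) -> Dict[str, Set[str]]:
    """Map package name -> set of architectures present in a list file.
    Blank lines and '#' comments are skipped; anything else must parse."""
    present: Dict[str, Set[str]] = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _version, arch = parse_deb_filename(line)
        present.setdefault(name, set()).add(arch)
    return present


def missing_entries(listing: str, binaries: Dict[str, str],
                    version: str, arch: str) -> List[str]:
    """Return the lines to append to `listing` so that every binary package
    in `binaries` is present for `arch`. An arch-specific package that only
    exists under another SONAME (libdns81 vs libdns88) or an arch-all
    package that is only listed as arch-specific (host) is reported."""
    present = listed_packages(listing)
    to_add: List[str] = []
    for name, kind in sorted(binaries.items()):
        deb_arch = "all" if kind == "all" else arch
        if deb_arch in present.get(name, set()):
            continue
        to_add.append(f"{deb_arch}/{name}_{version}_{deb_arch}.deb")
    return to_add


if __name__ == "__main__":
    for arch, listing in (("i386", OLD_LIST_I386), ("amd64", OLD_LIST_AMD64)):
        print(f"append to ucs_3.1-1_{arch}_dvd.txt:")
        for line in missing_entries(listing, BIND9_BINARIES, FIXED_VERSION, arch):
            print("  " + line)
```

Running it against the constructed listings yields exactly the four lines per architecture that the comment appended; running it a second time with those lines already in the list returns nothing, which is the property to check after editing the real list files.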
Comment 4 Arvid Requate univentionstaff 2015-08-05 21:13:46 CEST
* Package update based on UCS 3.1-1 latest worked.
* After that the release update to UCS 3.2-0 worked and no packages have been uninstalled (dpkg -l | grep ^r).
* Still waiting for the Jenkins tests for UCS 3.2-6 to check on general backporting issues (wheezy -> UCS3.x (squeeze)).
Comment 5 Arvid Requate univentionstaff 2015-08-06 10:28:14 CEST
Ok, UCS 3.2-6 Jenkins Tests with errata3.2-6-test look good.
Comment 6 Arvid Requate univentionstaff 2015-08-06 10:28:35 CEST
Will provide Advisory mail after QA.
Comment 7 Janek Walkenhorst univentionstaff 2015-08-06 13:56:50 CEST
Tests: OK
Comment 8 Janek Walkenhorst univentionstaff 2015-08-07 12:31:53 CEST
Released