Univention Bugzilla – Bug 37249
bind9: Denial of service (ES 3.1)
Last modified: 2015-08-07 12:31:53 CEST
CVE-2014-8500 Denial of service in delegation handling could lead to denial of service against named.
* Denial of service via crafted packet due to error in handling TKEY queries triggering a REQUIRE assertion failure (CVE-2015-5477)
I have cherry-picked bind9 9.8.4-P1 from errata4.0-2 to extsec3.1 but proper testing remains to be done.
We should list the relevant upstream changelogs in the Advisory email:
For the full list of changes from bind9 9.8.0-P4 to 9.8.4-P1 see:
* https://kb.isc.org/article/AA-00446/81/BIND-9.8.1-Release-Notes.html
* https://kb.isc.org/article/AA-00645/81/BIND-9.8.2-Release-Notes.html
* https://kb.isc.org/article/AA-00670/81/BIND-9.8.3-Release-Notes.html
* https://kb.isc.org/article/AA-00797/81/BIND-9.8.4-Release-Notes.html
* https://kb.isc.org/article/AA-00830/81/BIND-9.8.4-P1-Release-Notes.html
To fix update issues due to new (un)maintained binary packages I had to add to ucs_3.1-1_i386_dvd.txt:
==============================================================
all/host_9.8.4.dfsg.P1-6+nmu2.112.201507311408_all.deb
i386/libdns88_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb
i386/libisc84_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb
i386/libisccfg82_9.8.4.dfsg.P1-6+nmu2.112.201507311408_i386.deb
==============================================================
and to ucs_3.1-1_amd64_dvd.txt:
==============================================================
all/host_9.8.4.dfsg.P1-6+nmu2.112.201507311408_all.deb
amd64/libdns88_9.8.4.dfsg.P1-6+nmu2.112.201507311408_amd64.deb
amd64/libisc84_9.8.4.dfsg.P1-6+nmu2.112.201507311408_amd64.deb
amd64/libisccfg82_9.8.4.dfsg.P1-6+nmu2.112.201507311408_amd64.deb
==============================================================
* Package update based on UCS 3.1-1 latest worked.
* After that the release update to UCS 3.2-0 worked and no packages have been uninstalled (dpkg -l | grep ^r).
* Still waiting for the Jenkins tests for UCS 3.2-6 to check on general backporting issues (wheezy -> UCS3.x (squeeze)).
Ok, UCS 3.2-6 Jenkins Tests with errata3.2-6-test look good.
Will provide Advisory mail after QA.
Tests: OK
Released