Bug 40319 – bind9: Denial of service (4.1)

Bug 40319 - bind9: Denial of service (4.1)


Summary:	bind9: Denial of service (4.1)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-3-errata
Assigned To:	Philipp Hahn
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:
Blocks:	39543 42557
	Show dependency tree / graph

Reported:	2015-12-21 13:12 CET by Arvid Requate
Modified:	2016-10-20 12:40 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
cve-2016-2776.patch (2.73 KB, patch) 2016-10-04 19:57 CEST, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-12-21 13:12:07 CET

+++ This bug was initially created as a clone of Bug #39543 +++

Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u7 fixes this issue:

* incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service (CVE-2015-5722)

Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u8 fixes this issue:

* Responses with a malformed class attribute can trigger an assertion failure in db.c (CVE-2015-8000)

Comment 1 Arvid Requate

2016-01-20 19:54:24 CET

Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u9 fixes this issue:

* Denial of service due to INSIST failure in apl_42.c triggered by specific APL RR data (CVE-2015-8704)

Comment 2 Arvid Requate

2016-03-10 18:48:15 CET

Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 fixes these issues:

* Denial of service due to maliciously crafted rdnc command (CVE-2016-1285)

* Denial of service (crash) due to DNAME parsing error (CVE-2016-1286)

Comment 3 Arvid Requate

2016-10-04 19:26:51 CEST

Another issue has been reported:

* buffer.c in named does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. (CVE-2016-2776)

Comment 4 Arvid Requate

2016-10-04 19:57:28 CEST

Created attachment 8067 [details]
cve-2016-2776.patch

patch extracted from diffing 1:9.9.5.dfsg-9+deb8u7 against +deb8u76, see http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html

Comment 5 Arvid Requate

2016-10-06 19:09:58 CEST

Not affected by CVE-2016-2775 because UCs deosn't have lwresd enabled.

Comment 6 Arvid Requate

2016-10-06 19:11:38 CEST

Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u11 fixes:

CVE-2016-2776 (and CVE-2016-2775)

Comment 7 Philipp Hahn

2016-10-10 16:19:37 CEST

r16776 | bind9

Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2.115.201610101551
Branch: ucs_4.1-0
Scope: errata4.1-3

r73049 | Bug #40319: bind9 YAML
 bind9.yaml

=> SELECT DISTINCT binver,major,minor,patch,scope FROM binpkg WHERE binpkg='bind9' AND (major=3 AND minor>=2 OR major>=4) ORDER BY major,minor,patch,scope ASC NULLS FIRST;
                 binver                  | major | minor | patch | scope  
-----------------------------------------+-------+-------+-------+--------
 1:9.8.0.P4-1.102.201307290920           |     3 |     2 |     0 | 
 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528 |     3 |     2 |     6 | errata
 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528 |     3 |     2 |     7 | 
 1:9.8.4.dfsg.P1-6+nmu2.113.201610101547 |     3 |     2 |     8 | errata
 1:9.8.4.dfsg.P1-6+nmu2.113.201603012216 |     3 |     3 |     0 | 
 1:9.8.4.dfsg.P1-6+nmu2.113.201610101550 |     3 |     3 |     0 | errata
 1:9.8.4.dfsg.P1-6+nmu2.108.201411010114 |     4 |     0 |     0 | 
 1:9.8.4.dfsg.P1-6+nmu2.109.201501200840 |     4 |     0 |     0 | errata
 1:9.8.4.dfsg.P1-6+nmu2.109.201501200840 |     4 |     0 |     1 | 
 1:9.8.4.dfsg.P1-6+nmu2.114.201508061539 |     4 |     0 |     2 | errata
 1:9.8.4.dfsg.P1-6+nmu2.114.201508061539 |     4 |     0 |     3 | 
 1:9.8.4.dfsg.P1-6+nmu2.115.201610101551 |     4 |     1 |     3 | errata
 1:9.9.5.dfsg-9+deb8u6                   |     4 |     2 |     0 |

Comment 8 Stefan Gohmann

2016-10-13 13:14:43 CEST

Jenkins Tests: OK
 
YAML: OK

ucs-test (DNS WIP tests) with LDAP backend: OK

ucs-test (DNS WIP tests) with S4 backend: OK

Comment 9 Stefan Gohmann

2016-10-13 14:44:05 CEST

Waiting for Bug #42590.

Comment 10 Philipp Hahn

2016-10-17 11:38:57 CEST

Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2.124.201610152034
Branch: ucs_4.1-0
Scope: errata4.1-3

r73256 | Bug #40319 bind9: YAML
 bind9.yaml

Comment 11 Stefan Gohmann

2016-10-19 17:01:46 CEST

Ok, looks good now.

Comment 12 Janek Walkenhorst

2016-10-20 12:40:07 CEST

<http://errata.software-univention.de/ucs/4.1/297.html>