Bug 42557 - bind9: Denial of service (3.3)
bind9: Denial of service (3.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.3
Other Linux
: P5 normal (vote)
: UCS 3.3-0-errata
Assigned To: Philipp Hahn
Stefan Gohmann
:
Depends on: 40319
Blocks: 39544 42590
  Show dependency treegraph
 
Reported: 2016-10-04 19:30 CEST by Arvid Requate
Modified: 2016-10-20 13:02 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments
cve-2016-2776.patch (2.73 KB, patch)
2016-10-04 19:58 CEST, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-10-04 19:30:47 CEST
+++ This bug was initially created as a clone of Bug #39544 +++

Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u7 fixes this issue:

* incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service (CVE-2015-5722)
Comment 1 Arvid Requate univentionstaff 2016-10-04 19:31:02 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u8 fixes this issue:

* Responses with a malformed class attribute can trigger an assertion failure in db.c (CVE-2015-8000)
Comment 2 Arvid Requate univentionstaff 2016-10-04 19:31:14 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u9 fixes this issue:

* Denial of service due to INSIST failure in apl_42.c triggered by specific APL RR data (CVE-2015-8704)
Comment 3 Arvid Requate univentionstaff 2016-10-04 19:31:26 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 fixes these issues:

* Denial of service due to maliciously crafted rdnc command (CVE-2016-1285)

* Denial of service (crash) due to DNAME parsing error (CVE-2016-1286)
Comment 4 Arvid Requate univentionstaff 2016-10-04 19:31:58 CEST
Another issue has been reported:

* buffer.c in named does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. (CVE-2016-2776)
Comment 5 Arvid Requate univentionstaff 2016-10-04 19:58:21 CEST
Created attachment 8068 [details]
cve-2016-2776.patch

patch extracted from diffing 1:9.9.5.dfsg-9+deb8u7 against +deb8u76, see http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html
Comment 6 Arvid Requate univentionstaff 2016-10-06 19:13:22 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u11 fixes

CVE-2016-2776 (and CVE-2016-2775)
Comment 7 Philipp Hahn univentionstaff 2016-10-10 16:19:26 CEST
r16776 | bind9

Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2.113.201610101550
Branch: ucs_3.3-0
Scope: errata3.3-0

r73049 | Bug #40319: bind9 YAML
 bind9.yaml

=> SELECT DISTINCT binver,major,minor,patch,scope FROM binpkg WHERE binpkg='bind9' AND (major=3 AND minor>=2 OR major>=4) ORDER BY major,minor,patch,scope ASC NULLS FIRST;
                 binver                  | major | minor | patch | scope  
-----------------------------------------+-------+-------+-------+--------
 1:9.8.0.P4-1.102.201307290920           |     3 |     2 |     0 | 
 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528 |     3 |     2 |     6 | errata
 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528 |     3 |     2 |     7 | 
 1:9.8.4.dfsg.P1-6+nmu2.113.201610101547 |     3 |     2 |     8 | errata
 1:9.8.4.dfsg.P1-6+nmu2.113.201603012216 |     3 |     3 |     0 | 
 1:9.8.4.dfsg.P1-6+nmu2.113.201610101550 |     3 |     3 |     0 | errata
 1:9.8.4.dfsg.P1-6+nmu2.108.201411010114 |     4 |     0 |     0 | 
 1:9.8.4.dfsg.P1-6+nmu2.109.201501200840 |     4 |     0 |     0 | errata
 1:9.8.4.dfsg.P1-6+nmu2.109.201501200840 |     4 |     0 |     1 | 
 1:9.8.4.dfsg.P1-6+nmu2.114.201508061539 |     4 |     0 |     2 | errata
 1:9.8.4.dfsg.P1-6+nmu2.114.201508061539 |     4 |     0 |     3 | 
 1:9.8.4.dfsg.P1-6+nmu2.115.201610101551 |     4 |     1 |     3 | errata
 1:9.9.5.dfsg-9+deb8u6                   |     4 |     2 |     0 |
Comment 9 Stefan Gohmann univentionstaff 2016-10-13 14:29:30 CEST
Jenkins tests: OK

YAML: OK
Comment 10 Stefan Gohmann univentionstaff 2016-10-13 14:30:01 CEST
(In reply to Stefan Gohmann from comment #9)
> Jenkins tests: OK
> 
> YAML: OK

Manual tests: OK
Comment 11 Stefan Gohmann univentionstaff 2016-10-13 14:44:00 CEST
Waiting for Bug #42590.
Comment 12 Philipp Hahn univentionstaff 2016-10-17 11:38:59 CEST
Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2.122.201610152025
Branch: ucs_3.3-0
Scope: errata3.3-0

r73255 | Bug #42557 bind9: YAML
 bind9.yaml
Comment 13 Stefan Gohmann univentionstaff 2016-10-19 10:11:17 CEST
OK, looks good now.
Comment 14 Janek Walkenhorst univentionstaff 2016-10-20 13:02:24 CEST
<http://errata.software-univention.de/ucs/3.3/17.html>