Bug 42747 - bind9: Denial of service (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-4-errata
Assigned To: Arvid Requate
QA Contact: Philipp Hahn
Duplicates: 42898
Blocks: 42748 43769
 
Reported: 2016-10-24 13:34 CEST by Arvid Requate
Modified: 2017-03-09 14:05 CET
What kind of report is it?: Security Issue
Bug group (optional): Security
requate: Patch_Available+

Description Arvid Requate univentionstaff 2016-10-24 13:34:51 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u12 fixes this issue:

* ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. (CVE-2016-2848)
Comment 1 Arvid Requate univentionstaff 2016-11-10 21:20:46 CET
Advisory: bind9.yaml
Comment 2 Philipp Hahn univentionstaff 2016-11-29 17:15:10 CET
OK: aptitude install '?source-package(bind9)~i'
OK: aptitude install '?source-package(bind9)'
OK: dig @127.0.0.1 -p 53 "$(dnsdomainname)" axfr
OK: named-checkconf /etc/bind/named.conf.samba4
OK: ucr set dns/backend=ldap
OK: dig @127.0.0.1 -p 7777 "$(dnsdomainname)" axfr
OK: named-checkconf /etc/bind/named.conf.proxy
OK: named-checkconf /etc/bind/named.conf
OK: zless /usr/share/doc/bind9/changelog.Debian.gz # 1:9.8.4.dfsg.P1-6+nmu2+deb7u13

FIXED: errata-announce -V --only bind9.yaml # r74792 
FIXED: misses CVE-2016-8864 # r74808
Comment 3 Philipp Hahn univentionstaff 2016-11-29 17:15:14 CET
*** Bug 42898 has been marked as a duplicate of this bug. ***
Comment 4 Janek Walkenhorst univentionstaff 2016-12-01 11:57:26 CET
<http://errata.software-univention.de/ucs/4.1/336.html>