Univention Bugzilla – Bug 49454
bind9: Multiple issues (4.3)
Last modified: 2019-05-15 16:07:27 CEST
New Debian bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.4.201905130942 fixes:
This update addresses the following issues:
* Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
* An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)
* Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/bind9_9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/bind9_9.10.3.dfsg.P4-12.3+deb9u5A~4.3.4.201905130956.dsc 
@@ -1,21 +1,20 @@ -1:9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039 [Fri, 09 Mar 2018 10:39:30 +0100] Univention builddaemon <buildd@univention.de>: +1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.4.201905130956 [Mon, 13 May 2019 09:59:44 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 0001-Bug-22478-build-bind-with-libdb4.8 - 0003-Bug-24160-check-if-bind9-init-script-is-available-be - 0004-Bug-41714-Add-LDAP-support - 0004-Bug-41714-Add-LDAP-support - 0005-Bug-41714-conditional-compiler-error - 0006-Bug-41714-Adapt-to-new-APIs - 0007-Bug-41714-Fix-illegal-return-value - 0008-Bug-41714-Clone-URL - 0009-Bug-41714-Check-for-allocation-error - 0010-Bug-41714-Replace-deprecated-libldap-API - 0011-Bug-41714-rename-errno-to-rc - 0012-Bug-41714-Retry-search-in-case-of-closed-connections - 0013-Bug-28748-Default-LDAP-timeout-60s - 0014-Bug-42389-Fix-crash-on-shutdown - 0016-Bug-46526-Fix-memory-leak + * UCS auto build. No patches were applied to the original source package + +1:9.10.3.dfsg.P4-12.3+deb9u5 [Fri, 03 May 2019 22:34:35 +0200] Bernhard Schmidt <berni@debian.org>: + + [ Marc Deslauriers (Ubuntu) ] + * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. + Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) + + [ Ondřej Surý ] + * Sync Maintainer and Uploaders with unstable + * [CVE-2019-6465]: Zone transfer for DLZs are executed though not + permitted by ACLs. (Closes: #922955) + * [CVE-2018-5745]: Avoid assertion and thus causing named to + deliberately exit when a trust anchor's key is replaced with a key + which uses an unsupported algorithm. (Closes: #922954) 1:9.10.3.dfsg.P4-12.3+deb9u4 [Mon, 15 Jan 2018 22:40:17 +0100] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.3-4/#5031764334402210811>
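Review bot: The new top changelog entry reads "UCS auto build. No patches were applied to the original source package" where the previous build listed 15 patch lines (0001-Bug-22478 through 0016-Bug-46526), so this build would ship Debian's deb9u5 without the Univention patch set, including the Bug-41714 LDAP support series, 0014-Bug-42389-Fix-crash-on-shutdown and 0016-Bug-46526-Fix-memory-leak. The three CVE fixes in the added deb9u5 entry are wanted, but the package should not be released in this state: rebuild with the patch series applied and confirm that the "following patches have been applied" list reappears unchanged in the regenerated entry. The removed list also names 0004-Bug-41714-Add-LDAP-support twice, which is worth checking in the patch series while it is being reapplied.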
(In reply to Quality Assurance from comment #1) > - * UCS auto build. The following patches have been applied to the original > source package > - 0001-Bug-22478-build-bind-with-libdb4.8 > - 0003-Bug-24160-check-if-bind9-init-script-is-available-be > - 0004-Bug-41714-Add-LDAP-support > - 0004-Bug-41714-Add-LDAP-support > - 0005-Bug-41714-conditional-compiler-error > - 0006-Bug-41714-Adapt-to-new-APIs > - 0007-Bug-41714-Fix-illegal-return-value > - 0008-Bug-41714-Clone-URL > - 0009-Bug-41714-Check-for-allocation-error > - 0010-Bug-41714-Replace-deprecated-libldap-API > - 0011-Bug-41714-rename-errno-to-rc > - 0012-Bug-41714-Retry-search-in-case-of-closed-connections > - 0013-Bug-28748-Default-LDAP-timeout-60s > - 0014-Bug-42389-Fix-crash-on-shutdown > - 0016-Bug-46526-Fix-memory-leak > + * UCS auto build. No patches were applied to the original source package Critical patch failure
r18573 | Bug #49454: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5

Package: bind9
Version: 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.0.201905131409
Branch: ucs_4.3-0
Scope: errata4.3-4

[4.3-4] 5fd1791a8c Bug #49454: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.0.201905131409
 doc/errata/staging/bind9.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/bind9_9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/bind9_9.10.3.dfsg.P4-12.3+deb9u5A~4.3.0.201905131409.dsc @@ -1,4 +1,4 @@ -1:9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039 [Fri, 09 Mar 2018 10:39:30 +0100] Univention builddaemon <buildd@univention.de>: +1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.0.201905131409 [Mon, 13 May 2019 14:09:49 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -17,6 +17,20 @@ 0014-Bug-42389-Fix-crash-on-shutdown 0016-Bug-46526-Fix-memory-leak +1:9.10.3.dfsg.P4-12.3+deb9u5 [Fri, 03 May 2019 22:34:35 +0200] Bernhard Schmidt <berni@debian.org>: + + [ Marc Deslauriers (Ubuntu) ] + * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. + Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) + + [ Ondřej Surý ] + * Sync Maintainer and Uploaders with unstable + * [CVE-2019-6465]: Zone transfer for DLZs are executed though not + permitted by ACLs. (Closes: #922955) + * [CVE-2018-5745]: Avoid assertion and thus causing named to + deliberately exit when a trust anchor's key is replaced with a key + which uses an unsupported algorithm. (Closes: #922954) + 1:9.10.3.dfsg.P4-12.3+deb9u4 [Mon, 15 Jan 2018 22:40:17 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.3-4/#3288380069195683881>
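Review bot: The version on the "+" header line of the first hunk ends in A~4.3.0.201905131409, while the earlier build of the same deb9u5 source on this page ended in A~4.3.4.201905130956; in dpkg ordering the 4.3.0 suffix sorts below 4.3.4, so any test system or staging repository that still holds the earlier, unpatched build will not move to this one through a normal upgrade. Please make sure the earlier build is removed wherever it was published and that the erratum references only the A~4.3.0.201905131409 version. The rest looks right: the patch list stays as unchanged context (0001-Bug-22478, 0014-Bug-42389, 0016-Bug-46526 are visible around the hunks) and the second hunk adds only the Debian deb9u5 entry with CVE-2018-5743, CVE-2019-6465 and CVE-2018-5745.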
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] 5fd1791a8c Bug #49454: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.0.201905131409
 doc/errata/staging/bind9.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.3-4] e9a11328b2 Bug #49454: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.4.201905130956
 doc/errata/staging/bind9.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.3-4] b51358bcf3 Bug #49454: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.3.4.201905130942
 doc/errata/staging/bind9.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.3/499.html>