Univention Bugzilla – Bug 57029
bind9: Multiple issues (5.0)
Last modified: 2024-02-09 14:26:42 CET
New Debian bind9 1:9.11.5.P4+dfsg-5.1+deb10u10 fixes: This update addresses the following issue: 1:9.11.5.P4+dfsg-5.1+deb10u10 (Mon, 29 Jan 2024 22:03:02 +0100) * Non-maintainer upload by the LTS Team. * CVE-2023-3341 A stack exhaustion flaw was discovered in the control channel code which may result in denial of service (named daemon crash).
--- mirror/ftp/pool/main/b/bind9/bind9_9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/bind9_9.11.5.P4+dfsg-5.1+deb10u10.dsc @@ -1,23 +1,9 @@ -1:9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136 [Mon, 24 Jul 2023 11:36:44 +0200] Univention builddaemon <buildd@univention.de>: +1:9.11.5.P4+dfsg-5.1+deb10u10 [Mon, 29 Jan 2024 22:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: - * UCS auto build. The following patches have been applied to the original source package - 0001-Bug-22478-build-bind-with-libdb4.8.patch - 0002-Bug-51417-Do-not-fail-on-service-start.patch - 0004-Bug-41714-Add-LDAP-support.patch - 0004-Bug-41714-Add-LDAP-support.quilt - 0005-Bug-41714-conditional-compiler-error.quilt - 0006-Bug-41714-Adapt-to-new-APIs.quilt - 0007-Bug-41714-Fix-illegal-return-value.quilt - 0008-Bug-41714-Clone-URL.quilt - 0009-Bug-41714-Check-for-allocation-error.quilt - 0010-Bug-41714-Replace-deprecated-libldap-API.quilt - 0011-Bug-41714-rename-errno-to-rc.quilt - 0012-Bug-41714-Retry-search-in-case-of-closed-connections.quilt - 0013-Bug-28748-Default-LDAP-timeout-60s.quilt - 0014-Bug-42389-Fix-crash-on-shutdown.quilt - 0016-Bug-46526-Fix-memory-leak.quilt - 0017-Bug-51786-fix-apparmor-profile.patch - 0018-Bug-55163-fix-resolver-priming-query.quilt + * Non-maintainer upload by the LTS Team. + * CVE-2023-3341 + A stack exhaustion flaw was discovered in the control channel code + which may result in denial of service (named daemon crash). 1:9.11.5.P4+dfsg-5.1+deb10u9 [Fri, 07 Jul 2023 17:14:33 +0100] Chris Lamb <lamby@debian.org>: <http://piuparts.knut.univention.de/5.0-6/#3971559780554059928>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-6] 7d7737bddb Bug #57029: bind9 1:9.11.5.P4+dfsg-5.1+deb10u10 doc/errata/staging/bind9.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) [5.0-6] d096e554cf Bug #57029: bind9 1:9.11.5.P4+dfsg-5.1+deb10u10 doc/errata/staging/bind9.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x949>
Package was copied unmodified from Debian instead of applying our UCS packages on top. (In reply to Quality Assurance from comment #1) > - * UCS auto build. The following patches have been applied to the original > source package > - 0001-Bug-22478-build-bind-with-libdb4.8.patch > - 0002-Bug-51417-Do-not-fail-on-service-start.patch > - 0004-Bug-41714-Add-LDAP-support.patch > - 0004-Bug-41714-Add-LDAP-support.quilt > - 0005-Bug-41714-conditional-compiler-error.quilt > - 0006-Bug-41714-Adapt-to-new-APIs.quilt > - 0007-Bug-41714-Fix-illegal-return-value.quilt > - 0008-Bug-41714-Clone-URL.quilt > - 0009-Bug-41714-Check-for-allocation-error.quilt > - 0010-Bug-41714-Replace-deprecated-libldap-API.quilt > - 0011-Bug-41714-rename-errno-to-rc.quilt > - 0012-Bug-41714-Retry-search-in-case-of-closed-connections.quilt > - 0013-Bug-28748-Default-LDAP-timeout-60s.quilt > - 0014-Bug-42389-Fix-crash-on-shutdown.quilt > - 0016-Bug-46526-Fix-memory-leak.quilt > - 0017-Bug-51786-fix-apparmor-profile.patch > - 0018-Bug-55163-fix-resolver-priming-query.quilt > + * Non-maintainer upload by the LTS Team. > + * CVE-2023-3341 > + A stack exhaustion flaw was discovered in the control channel code > + which may result in denial of service (named daemon crash).
bind9.yaml bbb5434ee3e0 | Bug #57029: bind9 1:9.11.5.P4+dfsg-5.1+deb10u10A~5.0.6.202402081617
--- mirror/ftp/pool/main/b/bind9/bind9_9.11.5.P4+dfsg-5.1+deb10u10.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/bind9_9.11.5.P4+dfsg-5.1+deb10u10A~5.0.6.202402081617.dsc @@ -1,3 +1,24 @@ +1:9.11.5.P4+dfsg-5.1+deb10u10A~5.0.6.202402081617 [Thu, 08 Feb 2024 16:17:43 +0100] Univention builddaemon <buildd@univention.de>: + + * UCS auto build. The following patches have been applied to the original source package + 0001-Bug-22478-build-bind-with-libdb4.8.patch + 0002-Bug-51417-Do-not-fail-on-service-start.patch + 0004-Bug-41714-Add-LDAP-support.patch + 0004-Bug-41714-Add-LDAP-support.quilt + 0005-Bug-41714-conditional-compiler-error.quilt + 0006-Bug-41714-Adapt-to-new-APIs.quilt + 0007-Bug-41714-Fix-illegal-return-value.quilt + 0008-Bug-41714-Clone-URL.quilt + 0009-Bug-41714-Check-for-allocation-error.quilt + 0010-Bug-41714-Replace-deprecated-libldap-API.quilt + 0011-Bug-41714-rename-errno-to-rc.quilt + 0012-Bug-41714-Retry-search-in-case-of-closed-connections.quilt + 0013-Bug-28748-Default-LDAP-timeout-60s.quilt + 0014-Bug-42389-Fix-crash-on-shutdown.quilt + 0016-Bug-46526-Fix-memory-leak.quilt + 0017-Bug-51786-fix-apparmor-profile.patch + 0018-Bug-55163-fix-resolver-priming-query.quilt + 1:9.11.5.P4+dfsg-5.1+deb10u10 [Mon, 29 Jan 2024 22:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/5.0-6/#910621470037598361>
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts All *-dbgsym packages fail as the previous erratum 949 did copy the unmodified packages from Debian, which did not include them as Debian published them on <http://deb.debian.org/debian-debug/>; we do not imported them, so they are missing. Our new rebuild does again build *-dbgsym package, but there now is a gap in the upgrade path: scope | regular | dbgsym | version -------------+---------+--------+-------------------------------------------------- ucs506 | x | x | 1:9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136 errata506 | x | | 1:9.11.5.P4+dfsg-5.1+deb10u10 errata5.0-6 | x | x | 1:9.11.5.P4+dfsg-5.1+deb10u10A~5.0.6.202402081617 <https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/bind9/?since=5.0-6&before=5.0-6> OK: ucs-test/59_udm/67_test_udm_dns_univention_dnsedit OK: ucs-test/59_udm/67_test_udm_dns.py OK: ucs-test/59_udm/67_test_udm_dns_resolve.py OK: dig @localhost -p 7777 "$(dnsdomainname)." axfr OK: journalctl -u univention-bind-ldap.service [5.0-6] c10e896d9a Bug #57029: bind9 1:9.11.5.P4+dfsg-5.1+deb10u10A~5.0.6.202402081617 doc/errata/staging/bind9.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) [5.0-6] bbb5434ee3 Bug #57029: bind9 1:9.11.5.P4+dfsg-5.1+deb10u10A~5.0.6.202402081617 doc/errata/staging/bind9.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x952>
The regression was caused by https://git.knut.univention.de/univention/dist/repo-ng/-/issues/31