Bug 57982 - bind9: Multiple issues (5.0)
Summary: bind9: Multiple issues (5.0)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.0
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.0-9-errata
Assignee: Quality Assurance
QA Contact: Dirk Wiesenthal
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-02-24 10:49 CET by Quality Assurance
Modified: 2025-02-26 14:47 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2025-02-24 10:49:34 CET 
New Debian bind9 1:9.11.5.P4+dfsg-5.1+deb10u14A~5.0.9.202502241049 fixes:
This update addresses the following issue:
1:9.11.5.P4+dfsg-5.1+deb10u14 (Thu, 20 Feb 2025 11:30:23 +0100)
* Non-maintainer upload by the ELTS Security Team
* Add patch for CVE-2024-11187 (backport from upstream) + Limit additional  section processing for large RDATA sets
* d/tests: add new test: zonetest, backport from Bullseye. The new test has  coverage for the CVE-2024-11187 patch.
* Salsa CI: disable REPROTEST as it is known to fail
Comment 1 Quality Assurance univentionstaff 2025-02-24 11:00:11 CET 
--- mirror/ftp/pool/main/b/bind9/bind9_9.11.5.P4+dfsg-5.1+deb10u13A~5.0.8.202409020923.dsc
+++ apt/ucs_5.0-0-errata5.0-9/source/bind9_9.11.5.P4+dfsg-5.1+deb10u14A~5.0.9.202502241049.dsc
@@ -1,4 +1,4 @@
-1:9.11.5.P4+dfsg-5.1+deb10u13A~5.0.8.202409020923 [Mon, 02 Sep 2024 09:26:26 -0000] Univention builddaemon <buildd@univention.de>:
+1:9.11.5.P4+dfsg-5.1+deb10u14A~5.0.9.202502241049 [Mon, 24 Feb 2025 10:49:44 -0000] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     0001-Bug-22478-build-bind-with-libdb4.8.patch
@@ -19,6 +19,15 @@
     0017-Bug-51786-fix-apparmor-profile.patch
     0018-Bug-55163-fix-resolver-priming-query.quilt
 
+1:9.11.5.P4+dfsg-5.1+deb10u14 [Thu, 20 Feb 2025 11:30:23 +0100] Paride Legovini <paride@debian.org>:
+
+  * Non-maintainer upload by the ELTS Security Team
+  * Add patch for CVE-2024-11187 (backport from upstream)
+    + Limit additional section processing for large RDATA sets
+  * d/tests: add new test: zonetest, backport from Bullseye.
+    The new test has coverage for the CVE-2024-11187 patch.
+  * Salsa CI: disable REPROTEST as it is known to fail
+
 1:9.11.5.P4+dfsg-5.1+deb10u13 [Tue, 20 Aug 2024 09:02:23 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
 
   * Fix assertion failure in CVE-2023-4408 backport.

<http://piuparts.knut.univention.de/5.0-9/#4281524860538180689>
Comment 2 Dirk Wiesenthal univentionstaff 2025-02-26 10:39:56 CET 
OK: piuparts
OK: automated tests
Comment 3 Dirk Wiesenthal univentionstaff 2025-02-26 14:47:19 CET 
<https://errata.software-univention.de/#/?erratum=5.0x1217>