Univention Bugzilla – Full Text Bug Listing |
Summary: | bind9: Denial of service (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Stefan Gohmann <gohmann> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann |
Version: | UCS 4.1 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 39543, 42557 | ||
Attachments: | cve-2016-2776.patch |
Description
Arvid Requate
2015-12-21 13:12:07 CET
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u9 fixes this issue: * Denial of service due to INSIST failure in apl_42.c triggered by specific APL RR data (CVE-2015-8704) Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 fixes these issues: * Denial of service due to maliciously crafted rdnc command (CVE-2016-1285) * Denial of service (crash) due to DNAME parsing error (CVE-2016-1286) Another issue has been reported: * buffer.c in named does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. (CVE-2016-2776) Created attachment 8067 [details] cve-2016-2776.patch patch extracted from diffing 1:9.9.5.dfsg-9+deb8u7 against +deb8u76, see http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html Not affected by CVE-2016-2775 because UCs deosn't have lwresd enabled. Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u11 fixes: CVE-2016-2776 (and CVE-2016-2775) r16776 | bind9 Package: bind9 Version: 1:9.8.4.dfsg.P1-6+nmu2.115.201610101551 Branch: ucs_4.1-0 Scope: errata4.1-3 r73049 | Bug #40319: bind9 YAML bind9.yaml => SELECT DISTINCT binver,major,minor,patch,scope FROM binpkg WHERE binpkg='bind9' AND (major=3 AND minor>=2 OR major>=4) ORDER BY major,minor,patch,scope ASC NULLS FIRST; binver | major | minor | patch | scope -----------------------------------------+-------+-------+-------+-------- 1:9.8.0.P4-1.102.201307290920 | 3 | 2 | 0 | 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528 | 3 | 2 | 6 | errata 1:9.8.4.dfsg.P1-6+nmu2.113.201508061528 | 3 | 2 | 7 | 1:9.8.4.dfsg.P1-6+nmu2.113.201610101547 | 3 | 2 | 8 | errata 1:9.8.4.dfsg.P1-6+nmu2.113.201603012216 | 3 | 3 | 0 | 1:9.8.4.dfsg.P1-6+nmu2.113.201610101550 | 3 | 3 | 0 | errata 1:9.8.4.dfsg.P1-6+nmu2.108.201411010114 | 4 | 0 | 0 | 1:9.8.4.dfsg.P1-6+nmu2.109.201501200840 | 4 | 0 | 0 | errata 1:9.8.4.dfsg.P1-6+nmu2.109.201501200840 | 4 | 0 | 1 | 1:9.8.4.dfsg.P1-6+nmu2.114.201508061539 | 4 | 0 | 2 | errata 1:9.8.4.dfsg.P1-6+nmu2.114.201508061539 | 4 | 0 | 3 | 1:9.8.4.dfsg.P1-6+nmu2.115.201610101551 | 4 | 1 | 3 | errata 1:9.9.5.dfsg-9+deb8u6 | 4 | 2 | 0 | Jenkins Tests: OK YAML: OK ucs-test (DNS WIP tests) with LDAP backend: OK ucs-test (DNS WIP tests) with S4 backend: OK Waiting for Bug #42590. Package: bind9 Version: 1:9.8.4.dfsg.P1-6+nmu2.124.201610152034 Branch: ucs_4.1-0 Scope: errata4.1-3 r73256 | Bug #40319 bind9: YAML bind9.yaml Ok, looks good now. |