Bug 42747

Summary: bind9: Denial of service (4.1)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Arvid Requate <requate>
Status: CLOSED FIXED
QA Contact: Philipp Hahn <hahn>
Severity: normal
Priority: P5
CC: gohmann
Version: UCS 4.1
Flags: requate: Patch_Available+
Target Milestone: UCS 4.1-4-errata
Hardware: Other
OS: Linux
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on:
Bug Blocks: 42748, 43769

Description Arvid Requate univentionstaff 2016-10-24 13:34:51 CEST
Upstream Debian package version 1:9.8.4.dfsg.P1-6+nmu2+deb7u12 fixes this issue:

* ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. (CVE-2016-2848)

Comment 1 Arvid Requate univentionstaff 2016-11-10 21:20:46 CET
Advisory: bind9.yaml

Comment 2 Philipp Hahn univentionstaff 2016-11-29 17:15:10 CET
OK: aptitude install '?source-package(bind9)~i'
OK: aptitude install '?source-package(bind9)'
OK: dig @127.0.0.1 -p 53 "$(dnsdomainname)" axfr
OK: named-checkconf /etc/bind/named.conf.samba4
OK: ucr set dns/backend=ldap
OK: dig @127.0.0.1 -p 7777 "$(dnsdomainname)" axfr
OK: named-checkconf /etc/bind/named.conf.proxy
OK: named-checkconf /etc/bind/named.conf
OK: zless /usr/share/doc/bind9/changelog.Debian.gz # 1:9.8.4.dfsg.P1-6+nmu2+deb7u13

FIXED: errata-announce -V --only bind9.yaml # r74792 
FIXED: misses CVE-2016-8864 # r74808

Comment 3 Philipp Hahn univentionstaff 2016-11-29 17:15:14 CET
*** Bug 42898 has been marked as a duplicate of this bug. ***

Comment 4 Janek Walkenhorst univentionstaff 2016-12-01 11:57:26 CET
<http://errata.software-univention.de/ucs/4.1/336.html>