Univention Bugzilla – Bug 49450
bind9: Multiple issues (4.4)
Last modified: 2019-05-15 14:52:29 CEST
New Debian bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905130912 fixes:

This update addresses the following issues:
* Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
* An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)
* Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/bind9_9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/bind9_9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905130912.dsc 
@@ -1,21 +1,20 @@ -1:9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039 [Fri, 09 Mar 2018 10:39:30 +0100] Univention builddaemon <buildd@univention.de>: +1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905130912 [Mon, 13 May 2019 09:12:24 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 0001-Bug-22478-build-bind-with-libdb4.8 - 0003-Bug-24160-check-if-bind9-init-script-is-available-be - 0004-Bug-41714-Add-LDAP-support - 0004-Bug-41714-Add-LDAP-support - 0005-Bug-41714-conditional-compiler-error - 0006-Bug-41714-Adapt-to-new-APIs - 0007-Bug-41714-Fix-illegal-return-value - 0008-Bug-41714-Clone-URL - 0009-Bug-41714-Check-for-allocation-error - 0010-Bug-41714-Replace-deprecated-libldap-API - 0011-Bug-41714-rename-errno-to-rc - 0012-Bug-41714-Retry-search-in-case-of-closed-connections - 0013-Bug-28748-Default-LDAP-timeout-60s - 0014-Bug-42389-Fix-crash-on-shutdown - 0016-Bug-46526-Fix-memory-leak + * UCS auto build. No patches were applied to the original source package + +1:9.10.3.dfsg.P4-12.3+deb9u5 [Fri, 03 May 2019 22:34:35 +0200] Bernhard Schmidt <berni@debian.org>: + + [ Marc Deslauriers (Ubuntu) ] + * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. + Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) + + [ Ondřej Surý ] + * Sync Maintainer and Uploaders with unstable + * [CVE-2019-6465]: Zone transfer for DLZs are executed though not + permitted by ACLs. (Closes: #922955) + * [CVE-2018-5745]: Avoid assertion and thus causing named to + deliberately exit when a trust anchor's key is replaced with a key + which uses an unsupported algorithm. (Closes: #922954) 1:9.10.3.dfsg.P4-12.3+deb9u4 [Mon, 15 Jan 2018 22:40:17 +0100] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.4-0/#2687178286816421384>
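Review bot: the new top entry replaces the list of applied UCS patches with `* UCS auto build. No patches were applied to the original source package`, so this build carries none of the series from 0001-Bug-22478-build-bind-with-libdb4.8 through 0016-Bug-46526-Fix-memory-leak, including 0004-Bug-41714-Add-LDAP-support, 0014-Bug-42389-Fix-crash-on-shutdown and 0016-Bug-46526-Fix-memory-leak. The package would take the three CVE fixes from deb9u5 while dropping the UCS-specific changes, so hold the erratum, rebuild with the series applied on top of deb9u5, and treat an empty patch list as a build failure rather than a changelog line. The removed list also names 0004-Bug-41714-Add-LDAP-support twice, which is worth deduplicating in the generated header.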
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-0] 0b75eb1732 Bug #49450: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905130912
 doc/errata/staging/bind9.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(In reply to Quality Assurance from comment #1)
> - * UCS auto build. The following patches have been applied to the original > source package > - 0001-Bug-22478-build-bind-with-libdb4.8 > - 0003-Bug-24160-check-if-bind9-init-script-is-available-be > - 0004-Bug-41714-Add-LDAP-support > - 0004-Bug-41714-Add-LDAP-support > - 0005-Bug-41714-conditional-compiler-error > - 0006-Bug-41714-Adapt-to-new-APIs > - 0007-Bug-41714-Fix-illegal-return-value > - 0008-Bug-41714-Clone-URL > - 0009-Bug-41714-Check-for-allocation-error > - 0010-Bug-41714-Replace-deprecated-libldap-API > - 0011-Bug-41714-rename-errno-to-rc > - 0012-Bug-41714-Retry-search-in-case-of-closed-connections > - 0013-Bug-28748-Default-LDAP-timeout-60s > - 0014-Bug-42389-Fix-crash-on-shutdown > - 0016-Bug-46526-Fix-memory-leak > + * UCS auto build. No patches were applied to the original source package

Critical patch failure
r18572 | Bug #49450: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5

Package: bind9
Version: 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905131414
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] facb476a2e Bug #49450: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905131414
 doc/errata/staging/bind9.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/bind9_9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/bind9_9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905131414.dsc @@ -1,4 +1,4 @@ -1:9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201803091039 [Fri, 09 Mar 2018 10:39:30 +0100] Univention builddaemon <buildd@univention.de>: +1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905131414 [Mon, 13 May 2019 14:14:28 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -17,6 +17,20 @@ 0014-Bug-42389-Fix-crash-on-shutdown 0016-Bug-46526-Fix-memory-leak +1:9.10.3.dfsg.P4-12.3+deb9u5 [Fri, 03 May 2019 22:34:35 +0200] Bernhard Schmidt <berni@debian.org>: + + [ Marc Deslauriers (Ubuntu) ] + * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. + Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) + + [ Ondřej Surý ] + * Sync Maintainer and Uploaders with unstable + * [CVE-2019-6465]: Zone transfer for DLZs are executed though not + permitted by ACLs. (Closes: #922955) + * [CVE-2018-5745]: Avoid assertion and thus causing named to + deliberately exit when a trust anchor's key is replaced with a key + which uses an unsupported algorithm. (Closes: #922954) + 1:9.10.3.dfsg.P4-12.3+deb9u4 [Mon, 15 Jan 2018 22:40:17 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.4-0/#8334012980007569444>
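Review bot: the patch list is only partly visible in this diff. The first hunk shows 0001-Bug-22478-build-bind-with-libdb4.8 and the second shows 0014-Bug-42389-Fix-crash-on-shutdown and 0016-Bug-46526-Fix-memory-leak as context, and the matching offsets in `@@ -17,6 +17,20 @@` indicate the list has the same length as in the 4.3 build, but the entries in between are not shown. Because the earlier 201905130912 build dropped the whole series, confirm from the build log that every listed patch actually applied against deb9u5 before releasing, rather than relying on the changelog header alone.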
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-0] facb476a2e Bug #49450: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905131414
 doc/errata/staging/bind9.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-0] 0b75eb1732 Bug #49450: bind9 1:9.10.3.dfsg.P4-12.3+deb9u5A~4.4.0.201905130912
 doc/errata/staging/bind9.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.4/93.html>