BIND 9 Resolver crashes after logging an error in query.c

Related Vulnerabilities: CVE-2011-4313  

Debian Bug report logs - #649099

Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9.

Reported by: sacrificial-spam-address@horizon.com

Date: Thu, 17 Nov 2011 16:09:10 UTC

Severity: serious

Tags: security, upstream

Found in version bind9/1:9.8.1.dfsg-1

Fixed in version 1:9.8.1.dfsg.P1-1

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#649099; Package bind9. (Thu, 17 Nov 2011 16:09:13 GMT)


Acknowledgement sent to sacrificial-spam-address@horizon.com:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 17 Nov 2011 16:09:14 GMT)


Message #5 received at submit@bugs.debian.org:

From: sacrificial-spam-address@horizon.com
To: submit@bugs.debian.org
Cc: sacrificial-spam-address@horizon.com
Subject: BIND 9 Resolver crashes after logging an error in query.c
Date: 17 Nov 2011 11:08:48 -0500

Package: bind9
Version: 1:9.8.1.dfsg-1
Severity: serious
Tags: security upstream

As you have probably heard, someone has found a way to remotely crash a bind9 server:
http://isc.sans.edu/diary.html?storyid=12049
https://www.isc.org/software/bind/advisories/cve-2011-4313

A stopgap patch (9.8.1-p1) is available, and should presumably be included
in a Debian release ASAP.

Severity only "serious" because so far it appears to be only a DoS.




Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#649099; Package bind9. (Fri, 25 Nov 2011 09:48:03 GMT)


Acknowledgement sent to Dominik Röttsches <d-r@roettsches.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Fri, 25 Nov 2011 09:48:13 GMT)


Message #10 received at 649099@bugs.debian.org:

From: Dominik Röttsches <d-r@roettsches.de>
To: <649099@bugs.debian.org>
Subject: Quick fix until package becomes available
Date: Fri, 25 Nov 2011 11:30:02 +0200

I just applied this one to `apt-get source bind9`:
http://pastebin.com/ZvSY3LWA

using patch -l -p1 < ...
since there seem to be whitespace differences.





Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. (Tue, 07 Feb 2012 17:33:08 GMT)


Notification sent to sacrificial-spam-address@horizon.com:
Bug acknowledged by developer. (Tue, 07 Feb 2012 17:33:08 GMT)


Message #15 received at 649099-done@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: sacrificial-spam-address@horizon.com
Cc: 649099-done@bugs.debian.org
Subject: Re: BIND 9 Resolver crashes after logging an error in query.c
Date: Tue, 7 Feb 2012 18:29:34 +0100

Version: 1:9.8.1.dfsg.P1-1

On Thu, Nov 17, 2011 at 11:08:48AM -0500, sacrificial-spam-address@horizon.com wrote:
> Package: bind9
> Version: 1:9.8.1.dfsg-1
> Severity: serious
> Tags: security upstream
> 
> As you have probably heard, someone has found a way to remotely crash a bind9 server:
> http://isc.sans.edu/diary.html?storyid=12049
> https://www.isc.org/software/bind/advisories/cve-2011-4313
> 
> A stopgap patch (9.8.1-p1) is available, and should presumably be included
> in a Debian release ASAP.

That has been uploaded, but this bug wasn't closed.  Doing so now.


Kurt





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 07 Mar 2012 07:44:08 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:19:06 2019; Machine Name: buxtehude
