Debian Bug report logs -
#605876
BIND 9.7.2-P3 (CVE-2010-3613, CVE-2010-3614 and CVE-2010-3615)
Reported by: Hideki Yamane <henrich@debian.or.jp>
Date: Sat, 4 Dec 2010 10:51:01 UTC
Severity: grave
Tags: security
Fixed in version bind9/1:9.7.2.dfsg.P3-1
Done: LaMont Jones <lamont@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#605876
; Package bind9
.
(Sat, 04 Dec 2010 10:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Hideki Yamane <henrich@debian.or.jp>
:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>
.
(Sat, 04 Dec 2010 10:51:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: bind9
Severity: grave
Tags: security
Hi,
Upstream has released BIND 9.7.2-P3, it includes bug and security fixes,
assigned as CVE-2010-3613, CVE-2010-3614 and CVE-2010-3615.
Please consider to update bind9.
For detail, see http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html#id36112448
> * Adding a NO DATA signed negative response to cache failed to clear
> any matching RRSIG records already in cache. A subsequent lookup of
> the cached NO DATA entry could crash named (INSIST) when the
> unexpected RRSIG was also returned with the NO DATA cache entry.
> [RT #22288] [CVE-2010-3613] [VU#706148]
> * BIND, acting as a DNSSEC validator, was determining if the NS RRset
> is insecure based on a value that could mean either that the RRset
> is actually insecure or that there wasn't a matching key for the
> RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
> RRset. This can happen when in the middle of a DNSKEY algorithm
> rollover, when two different algorithms were used to sign a zone
> but only the new set of keys are in the zone DNSKEY RRset. [RT
> #22309] [CVE-2010-3614] [VU#837744]
> * When BIND is running as an authoritative server for a zone and
> receives a query for that zone data, it first checks for
> allow-query acls in the zone statement, then in that view, then in
> global options. If none of these exist, it defaults to allowing any
> query (allow-query {"any"};).
> With this bug, if the allow-query is not set in the zone statement,
> it failed to check in view or global options and fell back to the
> default of allowing any query. This means that queries that the
> zone owner did not wish to allow were incorrectly allowed. [RT
> #22418] [CVE-2010-3615] [VU#510208]
--
Regards,
Hideki Yamane henrich @ debian.or.jp/org
http://wiki.debian.org/HidekiYamane
Reply sent
to LaMont Jones <lamont@debian.org>
:
You have taken responsibility.
(Sun, 05 Dec 2010 09:33:03 GMT) (full text, mbox, link).
Notification sent
to Hideki Yamane <henrich@debian.or.jp>
:
Bug acknowledged by developer.
(Sun, 05 Dec 2010 09:33:03 GMT) (full text, mbox, link).
Message #10 received at 605876-done@bugs.debian.org (full text, mbox, reply):
fixed 1:9.7.2.dfsg.P3-1
--
lamont
Bug Marked as fixed in versions bind9/1:9.7.2.dfsg.P3-1.
Request was from Hideki Yamane <henrich@debian.or.jp>
to control@bugs.debian.org
.
(Mon, 06 Dec 2010 15:45:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#605876
; Package bind9
.
(Tue, 04 Jan 2011 09:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Lónyai Gergely <gergely.lonyai@webinform.hu>
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Tue, 04 Jan 2011 09:21:02 GMT) (full text, mbox, link).
Message #17 received at 605876@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
Will there port to the lenny (security) release?
Aleph
[smime.p7s (application/pkcs7-signature, attachment)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 02 Feb 2011 07:37:21 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:48:56 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.