bind9: CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND

Related Vulnerabilities: CVE-2014-8500  

Debian Bug report logs - #772610

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 9 Dec 2014 05:57:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version bind9/1:9.8.4.dfsg.P1-6

Fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u3, bind9/1:9.9.5.dfsg-7

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>:
Bug#772610; Package src:bind9. (Tue, 09 Dec 2014 05:57:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>. (Tue, 09 Dec 2014 05:57:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind9: CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
Date: Tue, 09 Dec 2014 06:55:12 +0100
Source: bind9
Version: 1:9.8.4.dfsg.P1-6
Severity: grave
Tags: security upstream fixed-upstream
Control: fixed -1 1:9.8.4.dfsg.P1-6+nmu2+deb7u3


Hi,

the following vulnerability was published for bind9.

CVE-2014-8500[0]:
A Defect in Delegation Handling Can Be Exploited to Crash BIND

For wheezy-security this was already fixed with DSA-3094-1[1]. See
also [2] for further details.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8500
[1] https://lists.debian.org/debian-security-announce/2014/msg00284.html
[2] https://kb.isc.org/article/AA-01216/0

Regards,
Salvatore



Marked as fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u3. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 09 Dec 2014 05:57:06 GMT)


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sun, 14 Dec 2014 05:36:12 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 14 Dec 2014 05:36:12 GMT)


Message #12 received at 772610-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 772610-close@bugs.debian.org
Subject: Bug#772610: fixed in bind9 1:9.9.5.dfsg-7
Date: Sun, 14 Dec 2014 05:33:56 +0000
Source: bind9
Source-Version: 1:9.9.5.dfsg-7

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772610@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Dec 2014 05:05:48 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb
Architecture: source all
Version: 1:9.9.5.dfsg-7
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-90 - BIND9 Shared Library used by BIND
 libdns-export100 - Exported DNS Shared Library
 libdns-export100-udeb - Exported DNS library for debian-installer (udeb)
 libdns100  - DNS Shared Library used by BIND
 libirs-export91 - Exported IRS Shared Library
 libirs-export91-udeb - Exported IRS library for debian-installer (udeb)
 libisc-export95 - Exported ISC Shared Library
 libisc-export95-udeb - Exported ISC library for debian-installer (udeb)
 libisc95   - ISC Shared Library used by BIND
 libisccc90 - Command Channel Library used by BIND
 libisccfg-export90 - Exported ISC CFG Shared Library
 libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg90 - Config File Handling Library used by BIND
 liblwres90 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 772610
Changes:
 bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium
 .
   * Fix CVE-2014-8500: limit recursion in order to avoid memory consumption
     issues that can lead to denial-of-service (closes: #772610).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 04 Feb 2015 07:25:32 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:14:55 2019; Machine Name: buxtehude