bind9: CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure

Related Vulnerabilities: CVE-2015-5477  

Debian Bug report logs - #793903

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 28 Jul 2015 19:30:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version bind9/1:9.7.3.dfsg-1

Fixed in versions bind9/1:9.7.3.dfsg-1~squeeze16, bind9/1:9.9.5.dfsg-9+deb8u2, bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u6, bind9/1:9.9.5.dfsg-11

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>:
Bug#793903; Package src:bind9. (Tue, 28 Jul 2015 19:30:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>. (Tue, 28 Jul 2015 19:30:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind9: CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure
Date: Tue, 28 Jul 2015 21:27:33 +0200
Source: bind9
Version: 1:9.7.3.dfsg-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for bind9.

CVE-2015-5477[0]:
| An error in handling TKEY queries can cause named to exit with a
| REQUIRE assertion failure

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5477
[1] https://kb.isc.org/article/AA-01272/0

Regards,
Salvatore



Marked as fixed in versions bind9/1:9.7.3.dfsg-1~squeeze16. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 28 Jul 2015 19:33:09 GMT)


Marked as fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u6. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 28 Jul 2015 19:33:10 GMT)


Marked as fixed in versions bind9/1:9.9.5.dfsg-9+deb8u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 28 Jul 2015 19:33:11 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#793903; Package src:bind9. (Wed, 29 Jul 2015 06:18:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 29 Jul 2015 06:18:03 GMT)


Message #16 received at 793903@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 793903@bugs.debian.org
Subject: bind9: diff for NMU version 1:9.9.5.dfsg-10.1
Date: Wed, 29 Jul 2015 08:15:04 +0200
Control: tags 793903 + pending

Hi Mike,

I've prepared an NMU for bind9 (versioned as 1:9.9.5.dfsg-10.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I should
delay it longer or if I should cancel it instead and you handle the
upload yourself.

Regards,
Salvatore
[bind9-9.9.5.dfsg-10.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 793903-submit@bugs.debian.org. (Wed, 29 Jul 2015 06:18:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#793903; Package src:bind9. (Thu, 30 Jul 2015 00:42:03 GMT)


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 30 Jul 2015 00:42:03 GMT)


Message #23 received at 793903@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 793903@bugs.debian.org
Subject: Re: Bug#793903: bind9: diff for NMU version 1:9.9.5.dfsg-10.1
Date: Wed, 29 Jul 2015 20:39:10 -0400

On Wed, Jul 29, 2015 at 2:15 AM, Salvatore Bonaccorso wrote:
> Control: tags 793903 + pending
>
> Hi Mike,
>
> I've prepared an NMU for bind9 (versioned as 1:9.9.5.dfsg-10.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I should
> delay it longer or if I should cancel it instead and you handle the
> upload yourself.

Hi Salvatore,

I went ahead and handled it myself.  Thanks for the help!

Best wishes,
Mike



Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Thu, 30 Jul 2015 00:51:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 30 Jul 2015 00:51:05 GMT)


Message #28 received at 793903-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 793903-close@bugs.debian.org
Subject: Bug#793903: fixed in bind9 1:9.9.5.dfsg-11
Date: Thu, 30 Jul 2015 00:48:58 +0000
Source: bind9
Source-Version: 1:9.9.5.dfsg-11

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793903@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 29 Jul 2015 23:46:48 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb
Architecture: source all
Version: 1:9.9.5.dfsg-11
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-90 - BIND9 Shared Library used by BIND
 libdns-export100 - Exported DNS Shared Library
 libdns-export100-udeb - Exported DNS library for debian-installer (udeb)
 libdns100  - DNS Shared Library used by BIND
 libirs-export91 - Exported IRS Shared Library
 libirs-export91-udeb - Exported IRS library for debian-installer (udeb)
 libisc-export95 - Exported ISC Shared Library
 libisc-export95-udeb - Exported ISC library for debian-installer (udeb)
 libisc95   - ISC Shared Library used by BIND
 libisccc90 - Command Channel Library used by BIND
 libisccfg-export90 - Exported ISC CFG Shared Library
 libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg90 - Config File Handling Library used by BIND
 liblwres90 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 793903
Changes:
 bind9 (1:9.9.5.dfsg-11) unstable; urgency=high
 .
   * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
     (closes: #793903).

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#793903; Package src:bind9. (Thu, 30 Jul 2015 04:45:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 30 Jul 2015 04:45:04 GMT)


Message #33 received at 793903@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Michael Gilbert <mgilbert@debian.org>
Cc: 793903@bugs.debian.org
Subject: Re: Bug#793903: bind9: diff for NMU version 1:9.9.5.dfsg-10.1
Date: Thu, 30 Jul 2015 06:40:32 +0200

Hi Mike,

On Wed, Jul 29, 2015 at 08:39:10PM -0400, Michael Gilbert wrote:
> On Wed, Jul 29, 2015 at 2:15 AM, Salvatore Bonaccorso wrote:
> > Control: tags 793903 + pending
> >
> > Hi Mike,
> >
> > I've prepared an NMU for bind9 (versioned as 1:9.9.5.dfsg-10.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I should
> > delay it longer or if I should cancel it instead and you handle the
> > upload yourself.
> 
> Hi Salvatore,
> 
> I went ahead and handled it myself.  Thanks for the help!

That's great! Thank you as well. I have cancelled the upload in the
deferred queue.

Regards,
Salvatore



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2015 07:25:35 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:01:59 2019; Machine Name: beach