Debian Bug report logs -
#778733
bind9: CVE-2015-1349 named crash
Reported by: Michael Gilbert <mgilbert@debian.org>
Date: Thu, 19 Feb 2015 03:48:01 UTC
Severity: serious
Tags: fixed-upstream, security, upstream
Found in version bind9/1:9.7.3.dfsg-1
Fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u4, bind9/1:9.9.5.dfsg-9, bind9/1:9.7.3.dfsg-1~squeeze14
Done: Thorsten Alteholz <debian@alteholz.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#778733; Package src:bind9.
(Thu, 19 Feb 2015 03:48:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <mgilbert@debian.org>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>.
(Thu, 19 Feb 2015 03:48:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
package: src:bind9
severity: serious
tags: security
A new security issue was disclosed for bind9:
https://security-tracker.debian.org/tracker/CVE-2015-1349
Added tag(s) upstream and fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 19 Feb 2015 04:30:08 GMT) (full text, mbox, link).
Marked as found in versions bind9/1:9.7.3.dfsg-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 19 Feb 2015 04:30:09 GMT) (full text, mbox, link).
Marked as fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u4.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 19 Feb 2015 04:30:10 GMT) (full text, mbox, link).
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Thu, 19 Feb 2015 04:36:10 GMT) (full text, mbox, link).
Notification sent
to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer.
(Thu, 19 Feb 2015 04:36:10 GMT) (full text, mbox, link).
Message #16 received at 778733-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.9.5.dfsg-9
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778733@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Feb 2015 03:42:21 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb
Architecture: source all
Version: 1:9.9.5.dfsg-9
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-90 - BIND9 Shared Library used by BIND
libdns-export100 - Exported DNS Shared Library
libdns-export100-udeb - Exported DNS library for debian-installer (udeb)
libdns100 - DNS Shared Library used by BIND
libirs-export91 - Exported IRS Shared Library
libirs-export91-udeb - Exported IRS library for debian-installer (udeb)
libisc-export95 - Exported ISC Shared Library
libisc-export95-udeb - Exported ISC library for debian-installer (udeb)
libisc95 - ISC Shared Library used by BIND
libisccc90 - Command Channel Library used by BIND
libisccfg-export90 - Exported ISC CFG Shared Library
libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg90 - Config File Handling Library used by BIND
liblwres90 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 778733
Changes:
bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
.
* Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
affecting setups using DNSSEC (closes: #778733).
Checksums-Sha1:
9a4ad05114af61c623ae02796cfa7a56acc015cb 4113 bind9_9.9.5.dfsg-9.dsc
604224c1589939e7e16f39a18638056838173efc 108147 bind9_9.9.5.dfsg-9.diff.gz
716541eba7020c5dc233cba0dc5c8ab859bf0590 338882 bind9-doc_9.9.5.dfsg-9_all.deb
c449a163372f6984aac5e46b8f1dba0ca6d620c6 22654 host_9.9.5.dfsg-9_all.deb
Checksums-Sha256:
3da08a0375b7bc2b9097b783a4eaec7e32531fd2e07316bdded805752fb06860 4113 bind9_9.9.5.dfsg-9.dsc
0a373a5926d444808f1eb84a1cb5f72ce3a0778295915875af38b93be6076442 108147 bind9_9.9.5.dfsg-9.diff.gz
0b15148952edccf48a4c2071ac825f30ff8f8069c2ba160eb37434eb7dd1eb6d 338882 bind9-doc_9.9.5.dfsg-9_all.deb
9100ea2c1ced729053f0bb3bcb2b5cb5cb78861fdfff00eaad5bbdc7c27637ad 22654 host_9.9.5.dfsg-9_all.deb
Files:
184a8167a465939f18d6e43c2178f003 4113 net optional bind9_9.9.5.dfsg-9.dsc
78a09e7a1f70763574fd139923b7aa69 108147 net optional bind9_9.9.5.dfsg-9.diff.gz
04f937ae12a50b8b07ae6677d5edc3b5 338882 doc optional bind9-doc_9.9.5.dfsg-9_all.deb
bed8fe2e13f70ad2445a2be412a44d08 22654 net standard host_9.9.5.dfsg-9_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJU5WQUAAoJELjWss0C1vRzAzIf/0H5Euk4bXc0Z938r0LYTh4w
z1O2dOOQJ4G/gKe2MYizAhgMKPdAO30fqt4r7qaPblJOBQCLZx9XL4MLxNGXlWgJ
7BXa5PaaxHEiXAqA1T80gAvBUr03C9usIPGQxPuYOivm2YjCox8n2Li+pSCUtX9v
le/xWA6bGLymyOUn7UvaqzevBgkrLTk5EpI4gQY4I94iB2W5SsuVwLZPksTd24K2
J+ZzPDBUG8oeG2KKHCr8/PD3qJy5fOtDKE7hBGxn6GQYDOQejHEXdpQAyVkIU8AJ
PpK4kLizd1fs9Ca6NEfew5rkcWfnH7BEz8mezO917R0mXjuc1e53shFepsJTViHA
kcWOO88CXkAd2quA/I1zj5rXxxsijwpVYhJTNqB8yxzV/u1CluzloiFvizUsfoXZ
JHVVj4gCxTdIpXwIZEZ6+T6VSahcuqJM/cUnasa8/mpYkdMYNxfz1ZTtUo33X08S
pIXe06UjckAd+poR8WGkrsvFfCfi/ftA+LlDjOnYC/cab+2OBkXW8pCvxs6HQXFl
jMTZn2tcxWh7CoOiSPCLIf+TPKHsUP+L6/nbnxhh9AX7Qdjop/PSALT3BBQe9i12
58we3xVCLnhlUQv3Ht+PqIb5bbYtRTHzYocRobHWG6HfAZtRSI96uWsbXV2XYXU5
1oPRTw+5LSQgJFyCivBxkq7Cn/x/JO2HaTYssfdJqWxYsyK/vEhKTgHrpYKNcU6/
7LqD/QtPCx7GQOB45sniXQQhzm08igFPfHkSN5Nqfpd5Vr2xiIato9fx5MpMDDYA
7XzpQxfClmj7Aac3RWfGCB8O+7m9M9hWOfDUbGMerLJqxxSLiJOdw4k3bNZDFtkR
RTYG1rcKzd9sBDodbWUf5ozq1ij4xqk9EbbmVI8qgu4/V2pMRqeHsPrOc5y8V8Ua
vAX7VuQliHY39Jf9BtU7J+7TZuyua4rsXYr7Ts92xJ/R8oserYCPKomeo1qQdnw+
/DOMEJuVvUdJ1/oQpUl7BK5t4zE5q7aOl9wbuHyjwjnRGt/yIjVF/S8ScwxhwiXT
+lbQxo3q5HFLpZJHQ6nR2tbOBTPp3z2jS7minbnRdlCRJv6kFwjKntMC/4cz3Tiy
PC6+eHURzlvRG8YbCvy01uWsLZZyKDkqbo1Bad7h8CQkxMxip65xMiJhTy8OeMpK
Lp0IvVkfme+U8ere3u1wBloz0rFvP+G0huDG7gv7bWKZxrTr4y5bwWerkxPAgmhv
Xq+Qt1pxR2JpdI+zfqmlJD9XwRMqKPSEkJRmBzXyqyKOPMNGlXIoloC25VcJpFL8
I7tFqUUthN8daGEU8KlMNpiMHQ6WUnhCvWoJlMOPZmJc1ym4NMIetTo3i4JeQy4=
=QG/7
-----END PGP SIGNATURE-----
Reply sent
to Thorsten Alteholz <debian@alteholz.de>:
You have taken responsibility.
(Sun, 01 Mar 2015 18:36:10 GMT) (full text, mbox, link).
Notification sent
to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer.
(Sun, 01 Mar 2015 18:36:10 GMT) (full text, mbox, link).
Message #21 received at 778733-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.7.3.dfsg-1~squeeze14
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 778733@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 01 Mar 2015 13:47:15 +0100
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-60 libdns69 libisc62 liblwres60 libisccc60 libisccfg62 dnsutils lwresd
Architecture: source all i386
Version: 1:9.7.3.dfsg-1~squeeze14
Distribution: squeeze-lts
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind9-60 - BIND9 Shared Library used by BIND
libdns69 - DNS Shared Library used by BIND
libisc62 - ISC Shared Library used by BIND
libisccc60 - Command Channel Library used by BIND
libisccfg62 - Config File Handling Library used by BIND
liblwres60 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 778733
Changes:
bind9 (1:9.7.3.dfsg-1~squeeze14) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team.
* CVE-2015-1349: avoid crash due to managed-key rollover.
Revoking a managed trust anchor and supplying an untrusted replacement
could cause named to crash with an assertion failure.
(Closes: #778733)
Checksums-Sha1:
05fbc8003d34ed0fd159b4ed3eaa0f71945690a4 2305 bind9_9.7.3.dfsg-1~squeeze14.dsc
01e64880e57d801662dac0fa5f5fef172b38ece1 6234034 bind9_9.7.3.dfsg.orig.tar.gz
dc7d8887552b9173683eeb4ccc6ac3331664cabb 614303 bind9_9.7.3.dfsg-1~squeeze14.diff.gz
867b7e9d4d30e4c165cd857c57bb32f3d8a5c4d9 345156 bind9-doc_9.7.3.dfsg-1~squeeze14_all.deb
758e647993107de85c361f5fc0961619dbeb27ef 19096 host_9.7.3.dfsg-1~squeeze14_all.deb
4b5d587aa339fed4a5a06c558d0694b9ac0803d5 344658 bind9_9.7.3.dfsg-1~squeeze14_i386.deb
6480053461f6686daf2361de0fd358fb43360df0 117854 bind9utils_9.7.3.dfsg-1~squeeze14_i386.deb
767f8f00dd0fdcfce7131fcaf47e5178524acb54 68718 bind9-host_9.7.3.dfsg-1~squeeze14_i386.deb
8ebbe66bdd7208d97d8b45b94f7bffe50d48e0fd 1431070 libbind-dev_9.7.3.dfsg-1~squeeze14_i386.deb
895bb4cc7961b905c560886b1b7c2529f3eaceb6 39278 libbind9-60_9.7.3.dfsg-1~squeeze14_i386.deb
ace93d712f0f351df82bae39e770681cedc3e851 670770 libdns69_9.7.3.dfsg-1~squeeze14_i386.deb
7b573924df7ede877e08c1359d08c4c936f62414 164006 libisc62_9.7.3.dfsg-1~squeeze14_i386.deb
6061e4636fdfff7d87fd2aa536d52906d4efaa4e 51554 liblwres60_9.7.3.dfsg-1~squeeze14_i386.deb
1a686ada9567fd88fe72fbcb2ea9477feb4b1582 32402 libisccc60_9.7.3.dfsg-1~squeeze14_i386.deb
ed67e9f501c918e0b683124f1e5428e7cd4d95ef 51992 libisccfg62_9.7.3.dfsg-1~squeeze14_i386.deb
396bb33bb4f31a1b097f634fc82f708daebb2438 155328 dnsutils_9.7.3.dfsg-1~squeeze14_i386.deb
1dbd341462d3eccb5f749206db67382eb7142743 231792 lwresd_9.7.3.dfsg-1~squeeze14_i386.deb
Checksums-Sha256:
39508fb990d188e211a6aa74667280b755d3382e3189ecc3027299a7fa23077f 2305 bind9_9.7.3.dfsg-1~squeeze14.dsc
6d5689000c66217e8d72bd850e690566b734b180e61b97ed1a9db5ff6e55ab11 6234034 bind9_9.7.3.dfsg.orig.tar.gz
59e923d1b2dba36682f34d75910b60720c451543031f928cf71d69d0271d77fa 614303 bind9_9.7.3.dfsg-1~squeeze14.diff.gz
0b0b8fa1f3fb27b77b0aca380ad55d5ca94559d7e5d010c51ef4bea069a4b59a 345156 bind9-doc_9.7.3.dfsg-1~squeeze14_all.deb
5d326edd1b47b6ed742acd38f23d17b813665b4589588ae604a077fc4b9a1168 19096 host_9.7.3.dfsg-1~squeeze14_all.deb
eca837c4846e1f38e55598432ffff6d4c7a73c85d413a29f2e85f6ded8511bb1 344658 bind9_9.7.3.dfsg-1~squeeze14_i386.deb
29b2fb9ddcd20a58b57379ea953f13486cc4a4a7f4d5bac01b42d889462c55c6 117854 bind9utils_9.7.3.dfsg-1~squeeze14_i386.deb
734a68635b5809925c418869f85e30cd4f999b6c92692ecdc07c4313a76b9fbb 68718 bind9-host_9.7.3.dfsg-1~squeeze14_i386.deb
ed906b7ddb164694cf4386c6cf1214049188c9835db18ebcd69a5007238a584c 1431070 libbind-dev_9.7.3.dfsg-1~squeeze14_i386.deb
b361a31d490e0207e921011fb40f7bf7e8605b3708568fd0301b3872eb89175c 39278 libbind9-60_9.7.3.dfsg-1~squeeze14_i386.deb
1951192e5544b30e1788545ee270ce0b689f2f76a1af07e0b15cac232bee9626 670770 libdns69_9.7.3.dfsg-1~squeeze14_i386.deb
991eeb19ad07e5a562b205bace1f14937ab1290d46dbcd9d148b203d4e5a8799 164006 libisc62_9.7.3.dfsg-1~squeeze14_i386.deb
d7ed5b0bfb014b5be363ef0c8cf1ef1017d301b832c7bbdd0ce0397f2d1e8e1a 51554 liblwres60_9.7.3.dfsg-1~squeeze14_i386.deb
9f2aff39f918e109c33ea49c32c10bdb3503a869c6aa9012d98ee7f4dc7fa477 32402 libisccc60_9.7.3.dfsg-1~squeeze14_i386.deb
520bdf86cec65fb1e7eb80d5e6d8f868d50189d9e70987c4a9e6ecb2f8cd0b09 51992 libisccfg62_9.7.3.dfsg-1~squeeze14_i386.deb
5dabead7852f721d847ca3cefa4dfbbf5db1d59b781aaa1205a26c814bae5d65 155328 dnsutils_9.7.3.dfsg-1~squeeze14_i386.deb
99b099dbb82c43265841e3b18f42f2111ce1c7092aef9a3307043075e3994b49 231792 lwresd_9.7.3.dfsg-1~squeeze14_i386.deb
Files:
b32ab2ac4ef03b3f5969e1a168874c36 2305 net optional bind9_9.7.3.dfsg-1~squeeze14.dsc
a2a56f923aa9d2f7edc61faa7214e377 6234034 net optional bind9_9.7.3.dfsg.orig.tar.gz
aa46beac0db99fb4d78bd0eb8c0b9319 614303 net optional bind9_9.7.3.dfsg-1~squeeze14.diff.gz
57009babd3fb61cb8da3a142cf8a9506 345156 doc optional bind9-doc_9.7.3.dfsg-1~squeeze14_all.deb
da83e74d6204d8469d9f169b856dd7be 19096 net standard host_9.7.3.dfsg-1~squeeze14_all.deb
0d054c153b75a977f58c32d36a738e70 344658 net optional bind9_9.7.3.dfsg-1~squeeze14_i386.deb
82364fa44c046f09fce7553b62e82f48 117854 net optional bind9utils_9.7.3.dfsg-1~squeeze14_i386.deb
bf6d77ce2b39a2994411067e86a7c432 68718 net standard bind9-host_9.7.3.dfsg-1~squeeze14_i386.deb
6b585fca7e8e3b15a7c9fd674e9b5edb 1431070 libdevel optional libbind-dev_9.7.3.dfsg-1~squeeze14_i386.deb
fc245e897c3c8321008f039739b5d602 39278 libs standard libbind9-60_9.7.3.dfsg-1~squeeze14_i386.deb
a80c12c95273c5e021be27c89fa9e0c8 670770 libs standard libdns69_9.7.3.dfsg-1~squeeze14_i386.deb
ef43ef97cf5fb1d3c5455baa48c66b40 164006 libs standard libisc62_9.7.3.dfsg-1~squeeze14_i386.deb
923fe0bf8bd217fd6444aa273503f68e 51554 libs standard liblwres60_9.7.3.dfsg-1~squeeze14_i386.deb
d038fd9b909ee6cb506be7fdaa9e3857 32402 libs optional libisccc60_9.7.3.dfsg-1~squeeze14_i386.deb
35e7a0c1e6dcc1e54a9cda1a02badfb1 51992 libs optional libisccfg62_9.7.3.dfsg-1~squeeze14_i386.deb
d5149d4b36503eb7860ee73934097b8e 155328 net standard dnsutils_9.7.3.dfsg-1~squeeze14_i386.deb
d9a018a4b2ad2f830e1aeb21176b9f4d 231792 net optional lwresd_9.7.3.dfsg-1~squeeze14_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJU81dQXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH/QoP/RuldEKA9ugLi02IZkh/brVH
495Gprp0zDYeJrMe9ljAlGhWWPHfn+e+4m5raDAitNnvG0epGVx7JIKIszlt9Pe+
BD4fZWIeDdxh8BnEDV7v3dsO/NbKQKzK5HaozxoRRcJIhKBVUyfnjNcx/zQmuIpN
hOjQiaUjjDUYDUNi0qOrkaUyUu1O+tNiKUZIUDcx9kwCKJrj7/vtfU3Ji0IHfJKg
nyLSJAoA3vqJYR2aOxU0vbV18uDvNfMs2pZ9knzbB/fSJrrWPF7kpiOT1L+BfYhK
pi0lb/Y4AwtsisfUa6TzPtouqSZvvssfMMjV18wUJeIcfHCK0JERyLiNSaAmL0yV
QuSzB67+TZgXE0PriQkeJY0IrbNtDrn53INeM470ANtRwT2cYU7TA5SPrFuWyV5j
7vCluyKV6GZ5xrillznDyyXnuyW/m8yXrXcNos8CYy7AixEzCocY+bnyy9ZFngrt
WJ3uWeAMznL0p5D3h7JHoF1x/+nbaq9ijWoeBJ/Ff5Mx1fSmTmPwmABhNk0kQBsq
B+htGWaIxyF7xt/uGucq37xCYgSzyTiARrZ/4bh4BjIiIpocN01rmUmzgpHd+ETL
S+cNMfbyXrCbYehT1xx+Oq6eDTP3cbnA86gMwnSrNvJ7XcqtlTA8RcNzhYuWLegp
+sJZ44Ivg4nVAa5QWYIg
=EfGX
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 May 2015 07:43:11 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:36:05 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon