bind9: CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating

Related Vulnerabilities: CVE-2015-4620  

Debian Bug report logs - #791715

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 7 Jul 2015 20:00:13 UTC

Severity: grave

Tags: fixed-upstream, jessie, security, sid, squeeze, stretch, upstream, wheezy

Found in version bind9/1:9.7.3.dfsg-1

Fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u5, bind9/1:9.9.5.dfsg-9+deb8u1, bind9/1:9.9.5.dfsg-10

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>:
Bug#791715; Package src:bind9. (Tue, 07 Jul 2015 20:00:16 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>. (Tue, 07 Jul 2015 20:00:16 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind9: CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating
Date: Tue, 07 Jul 2015 21:59:59 +0200
Source: bind9
Version: 1:9.7.3.dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Control: fixed -1 1:9.9.5.dfsg-9+deb8u1

Hi,

the following vulnerability was published for bind9.

CVE-2015-4620[0]:
Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-4620
[1] https://kb.isc.org/article/AA-01267

Regards,
Salvatore



Marked as fixed in versions bind9/1:9.9.5.dfsg-9+deb8u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 07 Jul 2015 20:00:17 GMT).


Marked as fixed in versions bind9/1:9.8.4.dfsg.P1-6+nmu2+deb7u5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 07 Jul 2015 20:06:04 GMT).


Added tag(s) squeeze, wheezy, jessie, sid, and stretch. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 07 Jul 2015 20:09:03 GMT).


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Thu, 09 Jul 2015 01:36:04 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 09 Jul 2015 01:36:04 GMT).


Message #16 received at 791715-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 791715-close@bugs.debian.org
Subject: Bug#791715: fixed in bind9 1:9.9.5.dfsg-10
Date: Thu, 09 Jul 2015 01:33:55 +0000
Source: bind9
Source-Version: 1:9.9.5.dfsg-10

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 791715@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 09 Jul 2015 00:43:38 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb
Architecture: source all
Version: 1:9.9.5.dfsg-10
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-90 - BIND9 Shared Library used by BIND
 libdns-export100 - Exported DNS Shared Library
 libdns-export100-udeb - Exported DNS library for debian-installer (udeb)
 libdns100  - DNS Shared Library used by BIND
 libirs-export91 - Exported IRS Shared Library
 libirs-export91-udeb - Exported IRS library for debian-installer (udeb)
 libisc-export95 - Exported ISC Shared Library
 libisc-export95-udeb - Exported ISC library for debian-installer (udeb)
 libisc95   - ISC Shared Library used by BIND
 libisccc90 - Command Channel Library used by BIND
 libisccfg-export90 - Exported ISC CFG Shared Library
 libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg90 - Config File Handling Library used by BIND
 liblwres90 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 791715
Changes:
 bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
 .
   * Fix CVE-2015-4620: DNSSEC validation of a maliciously crafted zone can
     cause the resolver to crash (closes: #791715).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2015 07:26:28 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:38:58 2019; Machine Name: buxtehude
