Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2012-3817

Related Vulnerabilities: CVE-2012-3817  

Source

Debian Bug report logs - #683259
CVE-2012-3817

version graph

Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 30 Jul 2012 08:54:01 UTC

Severity: grave

Tags: security

Fixed in version bind9/1:9.8.1.dfsg.P1-4.2

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, LaMont Jones <lamont@debian.org>:
Bug#683259; Package bind9. (Mon, 30 Jul 2012 08:54:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, LaMont Jones <lamont@debian.org>. (Mon, 30 Jul 2012 08:54:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-3817
Date: Mon, 30 Jul 2012 10:52:02 +0200
Package: bind9
Severity: grave
Tags: security

Please see https://kb.isc.org/article/AA-00729

Since Wheezy is frozen, please fix this with an isolated fix instead of
updating to a new upstream release.

Cheers,
        Moritz

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 30 Jul 2012 19:21:11 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Mon, 30 Jul 2012 19:21:11 GMT) (full text, mbox, link).

Message #10 received at 683259-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 683259-close@bugs.debian.org
Subject: Bug#683259: fixed in bind9 1:9.8.1.dfsg.P1-4.2
Date: Mon, 30 Jul 2012 19:17:14 +0000
Source: bind9
Source-Version: 1:9.8.1.dfsg.P1-4.2

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683259@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 30 Jul 2012 20:56:10 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-80 libdns81 libisc83 liblwres80 libisccc80 libisccfg82 dnsutils lwresd
Architecture: source all amd64
Version: 1:9.8.1.dfsg.P1-4.2
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-80 - BIND9 Shared Library used by BIND
 libdns81   - DNS Shared Library used by BIND
 libisc83   - ISC Shared Library used by BIND
 libisccc80 - Command Channel Library used by BIND
 libisccfg82 - Config File Handling Library used by BIND
 liblwres80 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 683259
Changes: 
 bind9 (1:9.8.1.dfsg.P1-4.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix denial of service vulnerability triggered
     through an assert because of using bad cache
     (CVE-2012-3817; Closes: #683259).
Checksums-Sha1: 
 9e95f51a8a130ce2765c00907248bd24863c0e42 1958 bind9_9.8.1.dfsg.P1-4.2.dsc
 7bfb398d72345238a918d4a7f7b9b92726784ca8 503942 bind9_9.8.1.dfsg.P1-4.2.diff.gz
 d6e9cae12febccd9d199743021a3bedb4657c162 356524 bind9-doc_9.8.1.dfsg.P1-4.2_all.deb
 471581f86fc8ae4c8797809a25aa09304e07ea49 19464 host_9.8.1.dfsg.P1-4.2_all.deb
 2ef0aa890fe807e30579773887839c6188f061d5 362934 bind9_9.8.1.dfsg.P1-4.2_amd64.deb
 5eea7808e7764c4547f870621cfd0394c6e4362a 122888 bind9utils_9.8.1.dfsg.P1-4.2_amd64.deb
 2bdbae2398d71c1cca8d6c668aeae6c23cefd7d4 72140 bind9-host_9.8.1.dfsg.P1-4.2_amd64.deb
 064aec6cdd693aa1d96568714d22ffd8d9cae2f1 1538140 libbind-dev_9.8.1.dfsg.P1-4.2_amd64.deb
 8bd40d23c7d4869a06b23db5907b40a4ed40888e 40692 libbind9-80_9.8.1.dfsg.P1-4.2_amd64.deb
 dde47ddd87b4a870df4c9104fbd8c06229f158ee 728260 libdns81_9.8.1.dfsg.P1-4.2_amd64.deb
 fea6769d094f939cc597808358c3399ce5b7d565 177496 libisc83_9.8.1.dfsg.P1-4.2_amd64.deb
 6976b1855b28723c6df2d39dcd65c65578963dc8 53936 liblwres80_9.8.1.dfsg.P1-4.2_amd64.deb
 3f15cfbfb83af28b1755fbf5e65a0cb4bea43c73 34618 libisccc80_9.8.1.dfsg.P1-4.2_amd64.deb
 a2c2895ca68bac19086b37307c02c4908e0fe249 60432 libisccfg82_9.8.1.dfsg.P1-4.2_amd64.deb
 e9521520aa85e5e55caec7b4597f46db2b273946 164490 dnsutils_9.8.1.dfsg.P1-4.2_amd64.deb
 ccde65f94e8ca6c6e18f9fcbb339c1104f32b9f3 240402 lwresd_9.8.1.dfsg.P1-4.2_amd64.deb
Checksums-Sha256: 
 21afd2a136b3663268000177f9e55baf0cfd60e2c1b4fc118f28d2c95f1a00f4 1958 bind9_9.8.1.dfsg.P1-4.2.dsc
 4f3eeec7cfcd37d39b5702e7c5b442bfafed059d1a99cd9054fe18206df7660a 503942 bind9_9.8.1.dfsg.P1-4.2.diff.gz
 36e0841cc912c0e9c65dd5cdbe259b1d73f4683ffa1e9dfa0695efb96664d5c1 356524 bind9-doc_9.8.1.dfsg.P1-4.2_all.deb
 39c9158cc4d8f3a41daccd3a91ae158722a81dba3dba7fc4cb620738f74ed74b 19464 host_9.8.1.dfsg.P1-4.2_all.deb
 d9f54f5f77eabc115366e18834be23ee3e94f383a0641692af9278137cd2bdf7 362934 bind9_9.8.1.dfsg.P1-4.2_amd64.deb
 dda82e49e8f37b391f565a8339e43829fff334503494575c801967b2d3571768 122888 bind9utils_9.8.1.dfsg.P1-4.2_amd64.deb
 0a04d77e345d8a581e8e4673e6b1a029c21848577fab64eef13cf9df15df8bbf 72140 bind9-host_9.8.1.dfsg.P1-4.2_amd64.deb
 e4836cfa867593aba9a4bca72735f3ed817b6d528b7cb2c1e9d5f02fcaef4b6d 1538140 libbind-dev_9.8.1.dfsg.P1-4.2_amd64.deb
 e20313539289eba5be149680ab1a4ed808b014f446105cc3c910ab4a6586feae 40692 libbind9-80_9.8.1.dfsg.P1-4.2_amd64.deb
 236ecfe764a84e2ccffc2712bc490d1aa121b7151b98fce1e327aa328cbbc522 728260 libdns81_9.8.1.dfsg.P1-4.2_amd64.deb
 a9360eb66316bbbfc3d0a61011ebdabc378251d866a4193cc8b4ba95dc15743c 177496 libisc83_9.8.1.dfsg.P1-4.2_amd64.deb
 ab436376656d96776e7fe9f62a89208599d52356e79ca2fc0362ed26444d1337 53936 liblwres80_9.8.1.dfsg.P1-4.2_amd64.deb
 385f7b2b63cbe15c9a57385afae830ba300f8a898224f24c44b7497ea8748df1 34618 libisccc80_9.8.1.dfsg.P1-4.2_amd64.deb
 3d8e8ab511723c42ab872a5dd603891c87cc883c2f7735b8f71996282714aa44 60432 libisccfg82_9.8.1.dfsg.P1-4.2_amd64.deb
 3adc5812715c9b896dc8849f88a1da768f918b68ea78b931f0a99bfe2a7a8ca7 164490 dnsutils_9.8.1.dfsg.P1-4.2_amd64.deb
 c7ee965b42db91dc425df1ec474aa74b14a433b4d0f2b35223d122e18b1d3c53 240402 lwresd_9.8.1.dfsg.P1-4.2_amd64.deb
Files: 
 b20ca67cd38baa8a5bf2f99a4274bcd6 1958 net optional bind9_9.8.1.dfsg.P1-4.2.dsc
 36772ade5fe56e25f3914c5354453982 503942 net optional bind9_9.8.1.dfsg.P1-4.2.diff.gz
 23bb314ced29da3d802b88e81eee4a60 356524 doc optional bind9-doc_9.8.1.dfsg.P1-4.2_all.deb
 8d2f97ea297adf384a41477a44493b1f 19464 net standard host_9.8.1.dfsg.P1-4.2_all.deb
 f6f66e747e8ffc5620e6e6b6d740ce8a 362934 net optional bind9_9.8.1.dfsg.P1-4.2_amd64.deb
 d02e66dc98fc9a431cc0bfae9277f585 122888 net optional bind9utils_9.8.1.dfsg.P1-4.2_amd64.deb
 7fc598462fe16b440cb583236bf7520c 72140 net standard bind9-host_9.8.1.dfsg.P1-4.2_amd64.deb
 8de871744c1a0d4eaa762e8a0e46492f 1538140 libdevel optional libbind-dev_9.8.1.dfsg.P1-4.2_amd64.deb
 beefb4b8db0af165c1f585a3f3218490 40692 libs standard libbind9-80_9.8.1.dfsg.P1-4.2_amd64.deb
 5b870dba2294c475dcc808b83f376964 728260 libs standard libdns81_9.8.1.dfsg.P1-4.2_amd64.deb
 1094453ea8a623a5dd082c57b86331c3 177496 libs standard libisc83_9.8.1.dfsg.P1-4.2_amd64.deb
 cf32170be9395639dd2c30847bba645c 53936 libs standard liblwres80_9.8.1.dfsg.P1-4.2_amd64.deb
 feaa134b21d603c333fb299eca801985 34618 libs optional libisccc80_9.8.1.dfsg.P1-4.2_amd64.deb
 59f2e356cf95ca76dd01f2de3c7f4e58 60432 libs optional libisccfg82_9.8.1.dfsg.P1-4.2_amd64.deb
 4e5a216f418663d058352fb728f229c9 164490 net standard dnsutils_9.8.1.dfsg.P1-4.2_amd64.deb
 618a3261caed71b1e0040c3a337f0f7f 240402 net optional lwresd_9.8.1.dfsg.P1-4.2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlAW3IgACgkQHYflSXNkfP+EiwCgs3wIWPhO61QTy6Q0B7+hkf4E
k5YAn1qoMCxgVOWCImd4swOZFfPcVVtX
=ErXo
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 30 Aug 2012 07:27:30 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:04:33 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started