Your message dated Mon, 12 Nov 2012 16:46:48 +1300
with message-id
<CANOnS_6dfp=NSLaOYxHEYG1-RM=1lmmuf_ohap+islbcyxd...@mail.gmail.com>
and subject line Accidentally filed - duplicate of 693015
has caused the Debian Bug report #693016,
regarding bind9: CVE-2012-4244 - A specially crafted Resource Record could
cause named to terminate
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
693016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bind9
Version: 1:9.8.1.dfsg.P1-4.3
Severity: normal
Tags: upstream
Dear Maintainer,
This is a remote DoS exploit on recursive servers, or authoritative
servers if the RR is loaded from file or via zone transfer.
Quoting https://kb.isc.org/article/AA-00778/74
"If a record with RDATA in excess of 65535 bytes is loaded into a
nameserver, a subsequent query for that record will cause named to exit
with an assertion failure."
Fixed in package bind9_9.8.4.dfsg-1 uploaded to unstable.
It's not practical to reliably backport a fix for this. ISC have
markedly changed data structures and flags to fix other bugs, making
patching risky. They do not provide access to their VCS. 9.8.4 is a
bug-fixed upstream version of 9.8.1.
Rationale for the bind9_9.8.4.dfsg-1 package is to make bug fixing wheezy
bind9 easier/more reliable once released.
Please upgrade wheezy bind9 to 9.8.4.dfsg-1
I am a DD with a C network router programming background, and am
currently working on an ISP DNS system, and have evaluated patchability
for other CVEs, and found too much of a risk of introducing other bugs
when using patches from other ISC versions of bind9 like 9.6ESRV.
Best Regards,
Matthew Grant
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages bind9 depends on:
ii adduser 3.113+nmu3
ii bind9utils 1:9.8.1.dfsg.P1-4.3
ii debconf [debconf-2.0] 1.5.46
ii libbind9-80 1:9.8.1.dfsg.P1-4.3
ii libc6 2.13-35
ii libcap2 1:2.22-1.2
ii libdns81 1:9.8.1.dfsg.P1-4.3
ii libgssapi-krb5-2 1.10.1+dfsg-2
ii libisc83 1:9.8.1.dfsg.P1-4.3
ii libisccc80 1:9.8.1.dfsg.P1-4.3
ii libisccfg82 1:9.8.1.dfsg.P1-4.3
ii liblwres80 1:9.8.1.dfsg.P1-4.3
ii libssl1.0.0 1.0.1c-4
ii lsb-base 4.1+Debian7
ii net-tools 1.60-24.2
ii netbase 5.0
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind9-doc <none>
ii dnsutils 1:9.8.1.dfsg.P1-4.3
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/bind/named.conf.local changed [not included]
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Closing as filed again - having trouble with SMTP processing and firewalls
--- End Message ---