Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 677054 - <net-dns/unbound-1.8.3: DNS64-related crash
Summary: <net-dns/unbound-1.8.3: DNS64-related crash
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://nlnetlabs.nl/svn/unbound/tags...
Whiteboard: B3 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-01 14:57 UTC by Hanno Böck
Modified: 2019-04-02 04:21 UTC (History)
2 users (show)

See Also:
Package list:
net-dns/unbound-1.9.0
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2019-02-01 14:57:13 UTC 
There isn't much more info, but the changelog of unbound 1.8.3 says:
	- Fix dns64 allocation in wrong region for returned internal queries.
	- And 1.8.3 release with this dns64 crash fix included.

Crashing a DNS resolver seems bad enough to treat it as a security issue.

1.8.3 is already in the tree, can we stabilize it?
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-09 15:41:12 UTC 
We will go with =net-dns/unbound-1.9.0 which also contains patches from DNS flag day.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-09 18:39:46 UTC 
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-02-09 19:59:30 UTC 
amd64 stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-13 11:21:05 UTC 
arm stable
Comment 5 Markus Meier gentoo-dev 2019-02-13 19:09:53 UTC 
arm stable
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-03-11 02:07:41 UTC 
@ppc/ppc64, ping.
Comment 7 ernsteiswuerfel archtester 2019-03-16 14:11:15 UTC 
Looking good on ppc.

# cat unbound-677054.report 
USE tests started on Sa 16. Mär 13:40:59 CET 2019

FEATURES=' test' USE='' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa ecs -gost -libressl -python redis -static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa ecs -gost -libressl -python -redis static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='-dnscrypt ecdsa ecs -gost -libressl -python redis static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa -ecs gost libressl -python redis static-libs -systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='-dnscrypt ecdsa -ecs gost libressl -python -redis -static-libs systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='-dnscrypt -ecdsa -ecs -gost -libressl -python redis static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt -ecdsa ecs gost -libressl -python -redis -static-libs -systemd threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt -ecdsa -ecs -gost -libressl -python -redis -static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt -ecdsa -ecs gost -libressl -python -redis -static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0
USE='-dnscrypt -ecdsa ecs -gost -libressl -python redis -static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa -ecs -gost libressl -python -redis static-libs systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='dnscrypt -ecdsa ecs gost -libressl -python redis static-libs systemd threads' succeeded for =net-dns/unbound-1.9.0

revdep tests started on Sa 16. Mär 14:52:58 CET 2019

FEATURES=' test' USE='dane' succeeded for net-libs/gnutls
FEATURES=' test' USE='strongswan_plugins_unbound' succeeded for net-vpn/strongswan
Comment 8 ernsteiswuerfel archtester 2019-03-16 17:30:02 UTC 
Looking good on ppc64.

# cat unbound-677054.report 
USE tests started on Sa 16. Mär 18:07:40 CET 2019

FEATURES=' test' USE='' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt -ecdsa ecs gost -libressl -python -redis -static-libs -systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='-dnscrypt ecdsa -ecs -gost libressl -python redis -static-libs -systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='-dnscrypt -ecdsa ecs gost libressl -python redis static-libs -systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='-dnscrypt ecdsa ecs gost -libressl -python -redis -static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa -ecs gost libressl -python redis -static-libs systemd -threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa -ecs -gost -libressl -python -redis static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='-dnscrypt ecdsa ecs -gost -libressl -python redis static-libs systemd -threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt ecdsa -ecs gost libressl -python -redis -static-libs -systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='-dnscrypt ecdsa ecs -gost -libressl -python redis -static-libs -systemd threads' succeeded for =net-dns/unbound-1.9.0
USE='-dnscrypt -ecdsa ecs gost -libressl -python redis static-libs -systemd threads' succeeded for =net-dns/unbound-1.9.0
USE='dnscrypt -ecdsa ecs -gost libressl -python -redis static-libs systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0
USE='-dnscrypt -ecdsa -ecs -gost libressl -python redis static-libs systemd threads' : blocked packages (probably) for =net-dns/unbound-1.9.0

revdep tests started on Sa 16. Mär 18:19:04 CET 2019

FEATURES=' test' USE='dane' succeeded for net-libs/gnutls
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2019-03-28 17:25:26 UTC 
ppc/ppc64 stable thanks to ernsteiswuerfel!
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2019-04-02 04:21:09 UTC 
This issue was resolved and addressed in
 GLSA 201904-03 at https://security.gentoo.org/glsa/201904-03
by GLSA coordinator Aaron Bauman (b-man).