Summary: | net-dns/bind: DNSSEC error and dereferencing freed fetch context (CVE-2007-049[34]) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Rajiv Aaron Manglani (RETIRED) <rajiv> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bind+disabled, gengor, podge, sgtphou, voxus |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A/B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Rajiv Aaron Manglani (RETIRED)
2007-01-25 01:43:59 UTC
pls provide updated ebuilds this has been fixed in 9.3.4 and 9.2.8 CVE-2007-0494 bind and bind/tools 9.2.8, 9.3.4 and 9.4.0_rc2 have been committed to the tree. (In reply to comment #3) > bind and bind/tools 9.2.8, 9.3.4 and 9.4.0_rc2 have been committed to the tree. > Thanks Martin. Hi arches, please test and mark stable when appropriate, thanks. Target keywords are bind-9.2.8 and bind-9.3.4 9.3.4 wants idnkit but idnkit blocks <9.4... coffee someone? Oh btw, same for 9.2.8. my fault, wrong idnkit's block fixed. x86 stable Stable for HPPA. bind-tools must be in sync with bind. i.e. stabilize 'em too, please. sparc stable. x86 stable ohhh someone's not gonna like me... 9.3.4 it still breaks on hardened-x86: grsec: From xxx.xxx.xxx.xxx: signal 6 sent to /usr/sbin/named[named:11336] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:852] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 net-dns/bind-tools-9.3.4 marked stable for HPPA. (In reply to comment #13) > ohhh someone's not gonna like me... 9.3.4 it still breaks on hardened-x86: > > grsec: From xxx.xxx.xxx.xxx: signal 6 sent to /usr/sbin/named[named:11336] > uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 > gid/egid:0/0 by /usr/sbin/named[named:852] uid/euid:40/40 gid/egid:40/40, > parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 > Same behavior here on hardened-x86: grsec: From XXX.XXX.XXX.XXX: signal 6 sent to /usr/sbin/named[named:22469] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 by /usr/sbin/named[named:10807] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Will happen within a few seconds of named reporting in the logs that is has finished starting up and is running. I suggest we mask bind for hardened arches only. Is named the only program that reports a problem? (i.e. do we need to mask bind-tools too or just bind)? ppc stable alpha stable *** Bug 163691 has been marked as a duplicate of this bug. *** Stable on amd64. ppc64 stable It's an old and well-known bind issue. I vote Yes for a GLSA. also vote YES. IA64 done. let's have a GLSA then I'm hearing from a few people about problems on hardened on amd64 and x86, also mentioned in comment #15 and comment #16 , fyi. In addition, this bug is related (I found that out after i posted last comment, appologies for spam) bug #158664 GLSA 200702-06, see bug 158664 for hardened-related issues |