Summary: | <net-dns/bind-9.7.3: Denial of Service Vulnerability (CVE-2011-0414) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | barzog, idl0r |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.isc.org/software/bind/advisories/cve-2011-0414 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2011-02-23 14:59:25 UTC
(In reply to comment #0)
> @bind, =net-dns/bind-9.7.3 is already in the tree (thanks!). Can we move
> forward with stabilization?
>

Sure :)

(In reply to comment #1)
>
> Sure :)
>

Great, thanks.

Arches, please test and mark stable:
=net-dns/bind-9.7.3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

(In reply to comment #2)
> (In reply to comment #1)
> >
> > Sure :)
> >
>
> Great, thanks.
>
> Arches, please test and mark stable:
> =net-dns/bind-9.7.3
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
>

Sorry I totally forgot...
Please stabilize =net-dns/bind-tools-9.7.3 too then, as it belongs together.

For me, there is a problem. In another system, I can reproduce issue described in bug 347621 comment #8

To reproduce it I'm compiling bind enabling all USE flag:

[ebuild N ] net-dns/bind-9.7.3 USE="berkdb dlz doc geoip gssapi idn ipv6 ldap mysql odbc postgres resolvconf ssl threads urandom xml

Anyone can reproduce?

(In reply to comment #4)
> For me, there is a problem. In another system, I can reproduce issue described
> in bug 347621 comment #8
>
> To reproduce it I'm compiling bind enabling all USE flag:
>
> [ebuild N ] net-dns/bind-9.7.3 USE="berkdb dlz doc geoip gssapi idn ipv6
> ldap mysql odbc postgres resolvconf ssl threads urandom xml
>
> Anyone can reproduce?
>

Ok, got it now :)
It's fixed in CVS, 9.6.3 and 9.7.3.
Thanks! :)

(In reply to comment #5)
> Ok, got it now :)
> It's fixed in CVS, 9.6.3 and 9.7.3.
> Thanks! :)

Works!

x86 stable

ppc/ppc64 stable

Stable for HPPA.

amd64 done. Thanks Agostino

alpha/arm/ia64/s390/sh/sparc stable

Thanks, everyone. GLSA Vote: yes.

> Sorry I totally forgot...
> Please stabilize =net-dns/bind-tools-9.7.3 too then, as it belongs together.
How do they belong together? I am running a BIND server and don't really see a need/dependency for them.
> GLSA Vote: yes.
Yes, too. Added to pending GLSA.
(In reply to comment #13)
> > Sorry I totally forgot...
> > Please stabilize =net-dns/bind-tools-9.7.3 too then, as it belongs together.
>
> How do they belong together? I am running a BIND server and don't really see a
> need/dependency for them.
>

E.g. dig, nsupdate and esp. dnssec-keygen. They often get fixes/new features etc. on bumps.
But I'll file a new bug for it anyway.

Stabilized?

see also: http://bugs.gentoo.org/show_bug.cgi?id=329001
build fails on amd64 with MAKEOPTS="-j3"

CVE-2011-0414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0414): ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

This issue was resolved and addressed in GLSA 201206-01 at http://security.gentoo.org/glsa/glsa-201206-01.xml by GLSA coordinator Stefan Behte (craig).