| Summary: | <net-dns/bind-9.16.48: Stack buffer overflow | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Krzysztof Olędzki <ole+gentoo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | ||
| Severity: | major | CC: | chutzpah, hydrapolic, sam |
| Priority: | High | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44 | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=919679 https://github.com/gentoo/gentoo/pull/34645 https://github.com/gentoo/gentoo/pull/35313 |
||
| Whiteboard: | B3 [glsa?] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 924895 | ||
| Bug Blocks: | |||
Security Fixes in 9.16.44:
Previously, sending a specially crafted message over the control channel could cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. This has been fixed. (CVE-2023-3341)
ping? :) It it helps, the same ebuild file as before - bind-9.16.{37,49,41,42}.ebuild works well also for .44.
Please remember to file in the correct component. (In reply to Krzysztof Olędzki from comment #3) > It it helps, the same ebuild file as before - bind-9.16.{37,49,41,42}.ebuild > works well also for .44. Please feel free to do PRs for such things if you already tested it. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf1630aa52f634b69a08ffd7e18fb07d57d92f0e commit cf1630aa52f634b69a08ffd7e18fb07d57d92f0e Author: Hank Leininger <hlein@korelogic.com> AuthorDate: 2024-02-14 00:44:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-18 10:48:21 +0000 net-dns/bind-tools: add 9.16.48 Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://bugs.gentoo.org/924447 Bug: https://bugs.gentoo.org/914365 Bug: https://bugs.gentoo.org/919679 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind-tools/Manifest | 1 + net-dns/bind-tools/bind-tools-9.16.48.ebuild | 167 +++++++++++++++++++++++++++ 2 files changed, 168 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a319063509bd1c35f3cc25cbe21ea5d1be7e2fa commit 3a319063509bd1c35f3cc25cbe21ea5d1be7e2fa Author: Hank Leininger <hlein@korelogic.com> AuthorDate: 2024-02-14 00:43:06 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-18 10:48:21 +0000 net-dns/bind: add 9.16.48 Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://bugs.gentoo.org/924447 Bug: https://bugs.gentoo.org/914365 Bug: https://bugs.gentoo.org/919679 Closes: https://bugs.gentoo.org/923781 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind/Manifest | 1 + net-dns/bind/bind-9.16.48.ebuild | 389 ++++++++++++++++++++++++++++++++++++++ net-dns/bind/files/named.cache-r4 | 92 +++++++++ 3 files changed, 482 insertions(+) commit 642f553d9178029209ad83c03a6ae66d426fe657 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> Date: Thu Mar 21 13:01:08 2024 +0100 net-dns/bind: drop 9.16.42 Closes: https://bugs.gentoo.org/914152 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/35852 Signed-off-by: Sam James <sam@gentoo.org> commit 3c20b96db1dfeeba7a428980429c080c574954ec Author: Sam James <sam@gentoo.org> Date: Tue Apr 30 07:35:51 2024 +0100 net-dns/bind-tools: drop 9.16.42 Signed-off-by: Sam James <sam@gentoo.org> |
Bug Fixes in 9.16.43: Processing already-queued queries received over TCP could cause an assertion failure, when the server was reconfigured at the same time or the cache was being flushed. This has been fixed. [GL #4200] https://gitlab.isc.org/isc-projects/bind9/-/issues/4200