Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 695534 (CVE-2019-13207) - <net-dns/nsd-4.2.2: stack-based overflow in function dname_concatenate() in dname.c (CVE-2019-13207)
Summary: <net-dns/nsd-4.2.2: stack-based overflow in function dname_concatenate() in d...
Status: RESOLVED FIXED
Alias: CVE-2019-13207
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/NLnetLabs/nsd/issu...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-24 12:11 UTC by GLSAMaker/CVETool Bot
Modified: 2019-10-26 22:09 UTC (History)
1 user (show)

See Also:
Package list:
net-dns/nsd-4.2.2
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-09-24 12:11:12 UTC 
CVE-2019-13207 (https://nvd.nist.gov/vuln/detail/CVE-2019-13207):
  nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in
  the dname_concatenate() function in dname.c.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-24 12:12:18 UTC 
Upstream fix: https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-24 12:14:11 UTC 
@ arches,

please test and mark stable: =net-dns/nsd-4.2.2
Comment 3 Agostino Sarubbo gentoo-dev 2019-10-02 18:54:29 UTC 
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-10-02 19:09:38 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-06 19:46:39 UTC 
GLSA Vote: No GLSA!

@ maintainer(s): Please cleanup and drop <net-dns/nsd-4.2.2!
Comment 6 Larry the Git Cow gentoo-dev 2019-10-07 08:04:04 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=753a9b1932a3418047724df7276c245c0c10d15d

commit 753a9b1932a3418047724df7276c245c0c10d15d
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-10-07 08:03:32 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-10-07 08:03:58 +0000

    net-dns/nsd: Security cleanup
    
    Bug: https://bugs.gentoo.org/695534
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-dns/nsd/Manifest            |   2 -
 net-dns/nsd/nsd-4.1.27.ebuild   | 116 ----------------------------------------
 net-dns/nsd/nsd-4.2.1-r1.ebuild | 115 ---------------------------------------
 3 files changed, 233 deletions(-)
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 22:09:02 UTC 
Repository is clean, all done!