Re: [tickets.netnod.se #446259] Accepted bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 (source all amd64) into oldoldstable
- To: debian-lts@lists.debian.org
- Subject: Re: [tickets.netnod.se #446259] Accepted bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u17 (source all amd64) into oldoldstable
- From: Shujie Zhang <shujie@fallback.netnod.se>
- Date: Wed, 19 Jul 2017 11:29:04 +0200
- Message-id: <[🔎] 1500456544.6413.1.camel@fallback.netnod.se>
- In-reply-to: <rt-4.0.17-14761-1499969770-977.446259-3-0@netnod.se>
- References: <RT-Ticket-446259@netnod.se> <E1dViPW-0002d2-2f@seger.debian.org> <rt-4.0.17-14761-1499969770-977.446259-3-0@netnod.se>
Hi Team,
We exprienced regression as it described here
https://lists.isc.org/pipermail/bind-announce/2017-July/001054.html
"Problems may occur when transferring from another server if
TSIG is used *and* the AXFR or IXFR is more than two messages
in length *and* the master server does not sign every message.
NSD is an example of a popular DNS product that behaves in this
manner [note: NSD's behavior is in compliance with the requirements
of the RFC; it is BIND that has introduced a problem here.]"
It has been fixed in BIND 9.9.10-P3
https://lists.isc.org/pipermail/bind-announce/2017-July/001055.html
Are we getting backport of the fix in Wheezy?
Thanks.
Best regards,
Shujie
tor 2017-07-13 klockan 20:16 +0200 skrev debian-lts@lists.debian.org
> Format: 1.8
> Date: Tue, 11 Jul 2017 18:40:39 +0200
> Source: bind9
> Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev
> libbind9-80 libdns88 libisc84 liblwres80 libisccc80 libisccfg82
> dnsutils lwresd
> Architecture: source all amd64
> Version: 1:9.8.4.dfsg.P1-6+nmu2+deb7u17
> Distribution: wheezy-security
> Urgency: high
> Maintainer: LaMont Jones <lamont@debian.org>
> Changed-By: Thorsten Alteholz <debian@alteholz.de>
> Description:
> bind9 - Internet Domain Name Server
> bind9-doc - Documentation for BIND
> bind9-host - Version of 'host' bundled with BIND 9.X
> bind9utils - Utilities for BIND
> dnsutils - Clients provided with BIND
> host - Transitional package
> libbind-dev - Static Libraries and Headers used by BIND
> libbind9-80 - BIND9 Shared Library used by BIND
> libdns88 - DNS Shared Library used by BIND
> libisc84 - ISC Shared Library used by BIND
> libisccc80 - Command Channel Library used by BIND
> libisccfg82 - Config File Handling Library used by BIND
> liblwres80 - Lightweight Resolver Library used by BIND
> lwresd - Lightweight Resolver Daemon
> Changes:
> bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u17) wheezy-security; urgency=high
> .
> * Non-maintainer upload by the Wheezy LTS Team.
> * CVE-2017-3142
> An error in TSIG authentication can permit unauthorized
> zone transfers.
> * CVE-2017-3143
> An error in TSIG authentication can permit unauthorized
> dynamic updates.
> Checksums-Sha1:
> f06cac251488e6695c5385c96b2053f0def60a07 2536 bind9_9.8.4.dfsg.P1-
> 6+nmu2+deb7u17.dsc
> d63bcc78910e250b612198ef56e9c651330733e3 6404429
> bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17.tar.gz
> d703c71a4f760df3a7302dc3614c09bc621b2d41 365562 bind9-
> doc_9.8.4.dfsg.P1-6+nmu2+deb7u17_all.deb
> 0b14bbe611dca9973f455f88f453390d2f5fa9a3 22144 host_9.8.4.dfsg.P1-
> 6+nmu2+deb7u17_all.deb
> 1bcdd6d4a74672ec67936e82f69618b577a87eaf 375506 bind9_9.8.4.dfsg.P1-
> 6+nmu2+deb7u17_amd64.deb
> 0a089cece61c6366ce5b7db64bb48acd31976f65 129440
> bind9utils_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 143bc7e924b58980df862294d9333330adb7922b 75030 bind9-
> host_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 85e31aded2921b3fe734e8290a32d379a96240d1 1587954 libbind-
> dev_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 0d5e59781e6fb4a61415457f9f066175a5ee1a7e 43396 libbind9-
> 80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> ce0c18edb9101447c87e0fbbf130fce15c11c49d 755658
> libdns88_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> f0bc481d94e554c084e8cb2d1b1544c88a198497 184630
> libisc84_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> f127eb09244997109ab468874f0b63633708cc11 56786
> liblwres80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> c8f8fc92d9089eb13e540af027c4ce483cdfb5ec 37380
> libisccc80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 9951f01b478583fd7c1f84e9d050c3c0f37107c2 64160
> libisccfg82_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> ab2369a2dcbdba69acb71c5404041860f57c2860 167634
> dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 373ef417e202b1d49ff92422b83a55a5d790a286 254196
> lwresd_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> Checksums-Sha256:
> b828623abf559c3cc8d467b979c3b4763a607bc0afd1d3508e41961ef2f2dbc6
> 2536 bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17.dsc
> 606b798c6fa1a18c56ae5bcf059ebac899923919949185cdc777d216d23cb6c9
> 6404429 bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17.tar.gz
> 4d1a7b132987b8414a7bbcf7094321a5a8f9dbe09b7cce4e76e460cc00a493c7
> 365562 bind9-doc_9.8.4.dfsg.P1-6+nmu2+deb7u17_all.deb
> 3de6d8ddd8bd7990983293e4cb58cf84d0d729fe4e7cc4ac13e9c1a3265d804a
> 22144 host_9.8.4.dfsg.P1-6+nmu2+deb7u17_all.deb
> a0e6c6459c61c23e3efc59e1f9e1448ba804dd948ddcd4d65c0e2f44d75cf68e
> 375506 bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 8e1cbd305531580f3df51804840e73ae4f63973752ffaf56bd7dd2914ef6f281
> 129440 bind9utils_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 6ba060b32a9236f46f9f2ab743bf3f01d2b581d636eec269a762d1fc4ecdad5c
> 75030 bind9-host_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> bfa265263ba08b67136c99170a243fadc774320927983f0222c1c9ccbdc0ae1c
> 1587954 libbind-dev_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 8abc1e92d1ec3ecd38576787508ee0c23a3ca3644511505addd5bb2369fffec6
> 43396 libbind9-80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 0e211776f5bd1aee6e4a67f1e753f38b61ba61319cef3c96922a1a9129b5e574
> 755658 libdns88_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> b94a5a7cb54816477c47a0f80d1fc5ca55ea9f125d5f0be40513b6d76007bbc6
> 184630 libisc84_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 4937082661654fecceeb4f90106d7e9fb0f159d2ab8eddf9aebb964cdc7a836f
> 56786 liblwres80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 8d2e1303efde3a15578d3bc98f49d4d88b3d2db1105d2478bbfba617a01843ef
> 37380 libisccc80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 8da0b80e403207a26789194ec4378fbd6a96c9237dd02b072f0c38b14cdb826c
> 64160 libisccfg82_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 4c02546c621a33a04c71e698d8d8beb4278edc1e89911309eb2ecae82f0369dc
> 167634 dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 4534d9fb11b6ae7d3bcf96486cd3d75ab278103df37dd9bbff392b40892d9d2d
> 254196 lwresd_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> Files:
> 94c3c69bd440daf2f8d2b3c5ac3c8e4c 2536 net optional
> bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17.dsc
> fcb628735e66d9e54d3576828e46c52b 6404429 net optional
> bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17.tar.gz
> 4f821a11104217343e79023fedbf2281 365562 doc optional bind9-
> doc_9.8.4.dfsg.P1-6+nmu2+deb7u17_all.deb
> 8c94085a0c1cb3de237124c177686af6 22144 net standard
> host_9.8.4.dfsg.P1-6+nmu2+deb7u17_all.deb
> cefe2c0490027b753e6b20aebd6c67b1 375506 net optional
> bind9_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> ce9e5480d798e37dda545933f28ab422 129440 net optional
> bind9utils_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> c9261af7825ea709106396d76b16d2d6 75030 net standard bind9-
> host_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 936c1c5b6efd890b817fc17421bb4222 1587954 libdevel optional libbind-
> dev_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 0f6704e7cfe73c8e19ef1cea3c3edf63 43396 libs standard libbind9-
> 80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> aebd0f9ee786114d44c660d4aea6d75b 755658 libs standard
> libdns88_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 5a76e49261ce23c446267df17397c17d 184630 libs standard
> libisc84_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 0d89a3350faaa44fffc2cbc71e344fa4 56786 libs standard
> liblwres80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> ba4c43a0833b2a389a592d80c2d6fe00 37380 libs optional
> libisccc80_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 7c658111a3215495e10b5513e4f9cd45 64160 libs optional
> libisccfg82_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> b11250868f075d0958200c121b33c520 167634 net standard
> dnsutils_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
> 57c8863f46513315b1a8162f6d8eaa44 254196 net optional
> lwresd_9.8.4.dfsg.P1-6+nmu2+deb7u17_amd64.deb
>
>
>
Reply to: