Bind9 (9.7.4)
Greetings!

I was discussing a bind issue that I am experiencing w/ an acquaintance on IRC this afternoon and he informed me that bind was updated to cover a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. I'm currently running Bind 9.7.3, which as far as I can tell is the latest available on the stable squeeze repos. I am curious why 9.7.4 hasn't been pushed out?

The only reason I am concerned is because I am actually being affected by this bug. Bind actually dies, hundreds of times a day and it's really annoying. I am going to set up a new copy of bind from source to cover this bug, but I would like to know why the new version hasn't been rolled out? It has been months since its initial release.

Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. [RT #24777] [CVE-2011-2464]

BIND 9.7.4 Released on 01 Aug 2011

--
Chris Brennan
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting frowned upon?
http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/
GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C)
Re: Bind9 (9.7.4)
On Tue, Nov 8, 2011 at 3:01 PM, Pascal Hambourg pas...@plouf.fr.eu.org wrote:

> Hello,
>
> Chris Brennan wrote:
> > I was discussing a bind issue that I am experiencing w/ an acquaintance on IRC this afternoon and he informed me that bind was updated to cover a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. I'm currently running Bind 9.7.3, which as far as I can tell is the latest available on the stable squeeze repos.
>
> AFAICS, this vulnerability has been fixed in Debian Squeeze, see
> http://www.debian.org/security/2011/dsa-2272

OK, so my copy of bind is correctly up to date. That doesn't explain then why I am getting random deaths of bind, multiple times a day. It doesn't log anything, which is the odd part, and it fails to restart without human intervention (cron isn't catching it for some reason, but that's not the bigger problem.)

--
Chris Brennan
Re: Bind9 (9.7.4)
Hello,

Chris Brennan wrote:
> I was discussing a bind issue that I am experiencing w/ an acquaintance on IRC this afternoon and he informed me that bind was updated to cover a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. I'm currently running Bind 9.7.3, which as far as I can tell is the latest available on the stable squeeze repos.

AFAICS, this vulnerability has been fixed in Debian Squeeze, see
http://www.debian.org/security/2011/dsa-2272
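
Debian stable backports security fixes into the packaged release, so the upstream number 9.7.3 alone does not show whether CVE-2011-2464 is fixed; the package changelog does. As an added example (not part of the original thread), this shell function prints the package version of each Debian changelog entry that names a given CVE. The function names and the sample changelog, including its version strings, are constructed for illustration.

```shell
#!/bin/sh
# Print the package version of every Debian changelog entry that mentions
# a CVE id. Exit status is 0 if at least one entry matched, 1 otherwise.
# usage: cve_fixed_in CVE-ID [changelog-file]   (reads stdin without a file)
cve_fixed_in() {
    cve=$1
    shift
    awk -v cve="$cve" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2
            gsub(/[()]/, "", ver)
            seen = 0
            next
        }
        # Report each entry once, even if it names the CVE several times.
        index($0, cve) && ver != "" && !seen { print ver; seen = 1; found = 1 }
        END { exit found ? 0 : 1 }
    ' "$@"
}

# Constructed sample changelog: versions, maintainer and dates are made up.
sample_changelog() {
    cat <<'EOF'
bind9 (1:0.0.2-1+example2) stable-security; urgency=high

  * Backport fix for crash on crafted UPDATE requests (CVE-2011-2464).

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

bind9 (1:0.0.2-1+example1) stable; urgency=low

  * New upstream release.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

# On a Debian host (standard doc path assumed), compare the result with the
# installed version:
#   zcat /usr/share/doc/bind9/changelog.Debian.gz | cve_fixed_in CVE-2011-2464
#   dpkg-query -W -f='${Version}\n' bind9
#   dpkg --compare-versions "$installed" ge "$fixed" && echo "fix included"
```

Changelogs are newest-first, so when several entries name the CVE the last line printed is the earliest version carrying the fix.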