[Bug 823664] New: CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
https://bugzilla.novell.com/show_bug.cgi?id=823664
https://bugzilla.novell.com/show_bug.cgi?id=823664#c0

Summary: CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
AssignedTo: max@suse.com
ReportedBy: lmuelle@suse.com
QAContact: qa-bugs@suse.de
CC: lmuelle@suse.com, security-team@suse.de
Found By: ---
Blocker: No

https://kb.isc.org/article/AA-00967

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=823664#c1

--- Comment #1 from Lars Müller <lmuelle@suse.com> 2013-06-06 14:22:25 CEST ---
Versions affected: BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected

Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected.

https://bugzilla.novell.com/show_bug.cgi?id=823664#c

Alexander Bergmann <abergmann@suse.com> changed:

What    | Removed | Added
----------------------------------------------------------------------------
CC      |         | abergmann@suse.com
Summary | CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone | VUL-0: bind: CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
Alias   |         | CVE-2013-3919

https://bugzilla.novell.com/show_bug.cgi?id=823664#c2

Swamp Workflow Management <swamp@suse.de> changed:

What     | Removed   | Added
----------------------------------------------------------------------------
Priority | P5 - None | P3 - Medium

--- Comment #2 from Swamp Workflow Management <swamp@suse.de> 2013-06-06 16:00:22 UTC ---
bugbot adjusting priority

https://bugzilla.novell.com/show_bug.cgi?id=823664#c3

Reinhard Max <max@suse.com> changed:

What       | Removed      | Added
----------------------------------------------------------------------------
CC         |              | max@suse.com
AssignedTo | max@suse.com | security-team@suse.de

--- Comment #3 from Reinhard Max <max@suse.com> 2013-06-11 07:16:53 CEST ---
Looks like we're not affected:

openSUSE 12.1 has 9.8.3-P4
openSUSE 12.2 has 9.9.1-P4
openSUSE 12.3 has 9.9.2-P1
SLE9 has 9.3.4
SLE10-SP3 has 9.3.4
SLE10-SP4 has 9.6-ESV-R7-P4
SLE11 has 9.6-ESV-R7-P4
SLE11-SP2 has 9.9.2-P2

https://bugzilla.novell.com/show_bug.cgi?id=823664#c4

--- Comment #4 from Alexander Bergmann <abergmann@suse.com> 2013-06-11 07:35:27 UTC ---
Created an attachment (id=543674)
 --> (http://bugzilla.novell.com/attachment.cgi?id=543674)
diff between bind-9.6-ESV-R9 and bind-9.6-ESV-R9-P1

Just for completeness, here's the fix that solves the problem on the bind-9.6.ESV branch.

https://bugzilla.novell.com/show_bug.cgi?id=823664#c5

Alexander Bergmann <abergmann@suse.com> changed:

What       | Removed | Added
----------------------------------------------------------------------------
Status     | NEW     | CLOSED
Resolution |         | INVALID

--- Comment #5 from Alexander Bergmann <abergmann@suse.com> 2013-06-11 08:04:08 UTC ---
I just double checked current SLES versions. The responsible function findnoqname() was introduced with release 9.6-ESV-R8.

SLES11-SP2 bind-9.6ESVR7P4-0.10.1
SLES11-SP1-LTSS bind-9.6ESVR7P4-0.2.5.1
SLES10-SP4 bind-9.6ESVR7P4-0.9.1
SLES10-SP3-LTSS bind-9.3.4-1.44.1

So no SLES version is affected. Closing bug as invalid.

https://bugzilla.novell.com/show_bug.cgi?id=823664#c

Marcus Meissner <meissner@suse.com> changed:

What              | Removed | Added
----------------------------------------------------------------------------
Status Whiteboard |         | maint:running:52875:important

https://bugzilla.novell.com/show_bug.cgi?id=823664#c6

Marcus Meissner <meissner@suse.com> changed:

What | Removed | Added
----------------------------------------------------------------------------
CC   |         | meissner@suse.com

--- Comment #6 from Marcus Meissner <meissner@suse.com> 2013-06-13 08:45:18 UTC ---
I also posted a note to the CVE page.