| Summary: | bind new security issue CVE-2021-25214 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | bind-9.11.6-1.4.mga7.src.rpm | CVE: | CVE-2021-2521[4-6] |
| Status comment: | |||
|
Description
David Walser
2021-05-28 00:17:44 CEST
Ubuntu also fixed this issue in 9.11.3 on April 29:
https://ubuntu.com/security/notices/USN-4929-1

Advisory:
========================

Updated bind packages fix security vulnerability:

Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made (CVE-2021-25214).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214
https://kb.isc.org/v1/docs/cve-2021-25214
https://www.debian.org/security/2021/dsa-4909
========================

Updated packages in core/updates_testing:
========================
bind-9.11.6-1.5.mga7
bind-sdb-9.11.6-1.5.mga7
bind-utils-9.11.6-1.5.mga7
bind-dnssec-utils-9.11.6-1.5.mga7
libdns1105-9.11.6-1.5.mga7
libirs161-9.11.6-1.5.mga7
libisc1100-9.11.6-1.5.mga7
libbind9_161-9.11.6-1.5.mga7
liblwres161-9.11.6-1.5.mga7
libisccc161-9.11.6-1.5.mga7
libisccfg163-9.11.6-1.5.mga7
bind-devel-9.11.6-1.5.mga7
bind-chroot-9.11.6-1.5.mga7
bind-sdb-chroot-9.11.6-1.5.mga7
python3-bind-9.11.6-1.5.mga7

from bind-9.11.6-1.5.mga7.src.rpm

Assignee: guillomovitch => qa-bugs

MGA7-64 Plasma on Lenovo B50
No installation issues.
Worked OK as client to my own DNS-server on my desktop machine.
Used webmin to define a small DNS-server, and after the usual fiddling with the location of the conf and zone files, the server responded OK.
# systemctl -l status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-06-22 15:18:57 CEST; 3s ago
Process: 6255 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone file>
Process: 6257 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6258 (named)
Tasks: 7 (limit: 4915)
Memory: 55.9M
CGroup: /system.slice/named.service
└─6258 /usr/sbin/named -u named -c /etc/named.conf
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: configuring command channel from '/etc/rndc.key'
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: command channel listening on 127.0.0.1#953
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: configuring command channel from '/etc/rndc.key'
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: command channel listening on ::1#953
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: the working directory is not writable
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: managed-keys-zone: loaded serial 0
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: zone hviaene.thuis/IN: loaded serial 1624367248
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: all zones loaded
Jun 22 15:18:57 mach5.hviaene.thuis named[6258]: running
Jun 22 15:18:57 mach5.hviaene.thuis systemd[1]: Started Berkeley Internet Name Domain (DNS).
Good enough for me.

Whiteboard: (none) => MGA7-64-OK

Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs

Aurelien Oudelet
2021-06-22 20:47:52 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0275.html

Resolution: (none) => FIXED |
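
The advisory in this report describes an IXFR stream carrying SOA records whose owner name is not the transferred zone's apex. As an added example (not code from BIND, ISC or Mageia), this Python check scans a dig-style listing of an IXFR response for such records; the zone name example.test and the sample records are constructed.

```python
# Added illustration: not BIND code and not part of the Mageia update.
# SAMPLE_IXFR is constructed; "example.test." is a placeholder zone name.

SAMPLE_IXFR = """\
; constructed IXFR answer section in dig-style presentation format
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 3 7200 900 1209600 3600
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 2 7200 900 1209600 3600
old.example.test.  3600 IN A   192.0.2.10
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 3 7200 900 1209600 3600
new.example.test.  3600 IN A   192.0.2.20
sub.example.test.  3600 IN SOA ns1.example.test. admin.example.test. 3 7200 900 1209600 3600
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 3 7200 900 1209600 3600
"""


def normalize(name):
    """DNS owner names compare case-insensitively; make them absolute."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def parse_records(text):
    """Yield (line_no, owner, rtype) from 'owner ttl class type rdata' lines."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split(";", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or not a full record
        owner, _ttl, _rclass, rtype = fields[:4]
        yield line_no, normalize(owner), rtype.upper()


def non_apex_soa(text, zone):
    """Return (line_no, owner) for every SOA whose owner is not the zone apex."""
    apex = normalize(zone)
    return [(n, owner) for n, owner, rtype in parse_records(text)
            if rtype == "SOA" and owner != apex]


def boundary_soa_ok(text, zone):
    """First and last record of an IXFR stream must be the apex SOA (RFC 1995)."""
    recs = list(parse_records(text))
    apex = normalize(zone)
    return bool(recs) and all(r[1] == apex and r[2] == "SOA"
                              for r in (recs[0], recs[-1]))


if __name__ == "__main__":
    for line_no, owner in non_apex_soa(SAMPLE_IXFR, "example.test"):
        print(f"line {line_no}: SOA owned by {owner}, not the zone apex")
```

A non-empty result from non_apex_soa on a transfer received from a primary is a reason to confirm that the secondary runs the fixed packages listed in the advisory.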