Bug 29427

Summary: bind new security issue fixed upstream in 9.11.35 and CVE-2021-25219
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, herman.viaene, mageia, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: bind-9.11.31-1.1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2021-08-29 21:20:02 CEST 
Fedora has issued an advisory today (August 29):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UHKVXMAXF3XW35RVEFHCUR45GWXKGDXO/

The issue comes from an assertion that is reachable and is fixed in 9.11.35.
Comment 1 Lewis Smith 2021-08-31 20:09:37 CEST 
guillomovitch is both the registered & active maintainer of bind, so assigning this update to you.

Assignee: bugsquad => guillomovitch

Comment 2 David Walser 2021-10-29 17:13:06 CEST 
Debian has issued an advisory on October 28:
https://www.debian.org/security/2021/dsa-4994

Upstream advisory from October 27:
https://kb.isc.org/docs/cve-2021-25219

The issue is fixed upstream in 9.11.36.

Status comment: (none) => Fixed upstream in 9.11.36
Severity: normal => major
Summary: bind new security issue fixed upstream in 9.11.35 => bind new security issue fixed upstream in 9.11.35 and CVE-2021-25219

Comment 3 David Walser 2021-10-29 17:16:44 CEST 
Ubuntu has issued an advisory for the new issue on October 28:
https://ubuntu.com/security/notices/USN-5126-2
Comment 4 David Walser 2021-11-05 17:04:50 CET 
Fedora has issued an advisory for the new issue on November 3:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YTKC4E3HUOLYN5IA4EBL4VAQSWG2ZVTX/
Comment 5 David Walser 2021-12-16 22:46:11 CET 
Updated package uploaded by Nicolas (subrel should have been removed, but oh well).

bind-9.11.36-1.1.mga8
libdns_pkcs11_1115-9.11.36-1.1.mga8
libdns1115-9.11.36-1.1.mga8
bind-devel-9.11.36-1.1.mga8
bind-sdb-9.11.36-1.1.mga8
bind-pkcs11-9.11.36-1.1.mga8
bind-utils-9.11.36-1.1.mga8
bind-pkcs11-utils-9.11.36-1.1.mga8
libisc_pkcs11_1107-9.11.36-1.1.mga8
libisc1107-9.11.36-1.1.mga8
python3-bind-9.11.36-1.1.mga8
bind-dnssec-utils-9.11.36-1.1.mga8
libisccfg163-9.11.36-1.1.mga8
libbind9_161-9.11.36-1.1.mga8
liblwres161-9.11.36-1.1.mga8
libisccc161-9.11.36-1.1.mga8
libirs161-9.11.36-1.1.mga8
bind-pkcs11-devel-9.11.36-1.1.mga8
bind-chroot-9.11.36-1.1.mga8
bind-sdb-chroot-9.11.36-1.1.mga8

from bind-9.11.36-1.1.mga8.src.rpm

Status comment: Fixed upstream in 9.11.36 => (none)
Assignee: guillomovitch => qa-bugs
CC: (none) => mageia

Comment 6 Herman Viaene 2021-12-17 16:15:09 CET 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Worked OK as client to my own DNS-server on my desktop machine, and made sure the network setting point to my own dns.
Used webmin to define a small DNS-server, then copied the files from /var/lib/named/etc to /etc, restarted named and then got answer from my own dnsusing nslookup.
OK for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 7 Thomas Andrews 2021-12-18 19:52:37 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-12-19 12:04:33 CET

Keywords: (none) => advisory

Comment 8 Mageia Robot 2021-12-19 13:27:27 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0560.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED