| Summary: | bind new security issues CVE-2021-25220 and CVE-2022-0396 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | davidwhodgins, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | bind-9.11.36-1.1.mga8.src.rpm | CVE: | CVE-2021-25220 |
| Status comment: | |||
Description
David Walser
2022-03-17 23:08:04 CET
David Walser
2022-03-17 23:08:20 CET
Status comment:
(none) =>
Fixed upstream in 9.11.37 and 9.16.27

Ubuntu has issued an advisory for this today (March 17):
https://ubuntu.com/security/notices/USN-5332-1

Have to assign this globally, no one maintainer evident.

Assignee:
bugsquad =>
pkg-bugs

Suggested advisory:
========================

The updated packages fix a security vulnerability:

DNS forwarders - cache poisoning vulnerability. (CVE-2021-25220)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
https://kb.isc.org/docs/cve-2021-25220
https://ubuntu.com/security/notices/USN-5332-1
========================

Updated packages in core/updates_testing:
========================
bind-devel-9.11.37-1.mga8
lib(64)dns_pkcs11_1115-9.11.37-1.mga8
lib(64)dns1115-9.11.37-1.mga8
bind-sdb-9.11.37-1.mga8
bind-utils-9.11.37-1.mga8
bind-pkcs11-9.11.37-1.mga8
bind-pkcs11-utils-9.11.37-1.mga8
lib(64)isc_pkcs11_1107-9.11.37-1.mga8
lib(64)isccfg163-9.11.37-1.mga8
bind-dnssec-utils-9.11.37-1.mga8
python3-bind-9.11.37-1.mga8
lib(64)isc1107-9.11.37-1.mga8
lib(64)isccc161-9.11.37-1.mga8
lib(64)bind9_161-9.11.37-1.mga8
lib(64)irs161-9.11.37-1.mga8
lib(64)lwres161-9.11.37-1.mga8
bind-pkcs11-devel-9.11.37-1.mga8
bind-sdb-chroot-9.11.37-1.mga8
bind-chroot-9.11.37-1.mga8
bind-9.11.37-1.mga8

from SRPM:
bind-9.11.37-1.mga8.src.rpm

Status:
NEW =>
ASSIGNED

mga8, x64
Installed all 20 core packages before updating.
Tested before but had to refer to earlier bug reports for hints.
Queried the downloaded RPM to find out what bind-utils provides:
/usr/bin/arpaname
/usr/bin/delv
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/bin/queryperf
/usr/sbin/ddns-confgen
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/nsec3hash
/usr/sbin/tsig-keygen

$ sudo systemctl start named
$ sudo systemctl status named
OK

$ dig @localhost mageia.org

; <<>> DiG 9.11.37Mageia-1.mga8 <<>> @localhost mageia.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15219
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f06e9010dde652c5ec283e1262376ff2ba2f80d825bceb8f (good)
;; QUESTION SECTION:
;mageia.org. IN A
[....]

$ delv @canopus -4 -c IN google.com A
; unsigned answer
google.com. 300 IN A 172.217.169.14

$ nslookup google.com
Server: ............
Address: ............

Non-authoritative answer:
Name: google.com
Address: 172.217.16.238
Name: google.com
Address: 2a00:1450:4009:821::200e

$ host virginmedia.com
virginmedia.com has address 213.105.9.24
virginmedia.com mail is handled by 1 mx.tb.ukmail.iss.as9143.net.

$ nslookup 213.105.9.24
24.9.105.213.in-addr.arpa name = www.virginmedia.com.

For lack of knowledge I need to leave this as it is. The user utilities work at a basic level.

Whiteboard:
(none) =>
MGA8-64-OK

I run named on three of my installs. No regressions noticed.
Validating the update.

Keywords:
(none) =>
validated_update
Dave Hodgins
2022-03-21 02:20:09 CET
Keywords:
(none) =>
advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0108.html

Resolution:
(none) =>
FIXED