ISC has issued an advisory today (January 16): https://kb.isc.org/article/AA-01542 The issue is fixed upstream in 9.11.2-P1: https://kb.isc.org/article/AA-01550 It is also fixed in 9.10.6-P1: https://kb.isc.org/article/AA-01548 Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Debian has issued an advisory for this on January 16: https://www.debian.org/security/2018/dsa-4089
Assigning to the registered maintainer.
Assignee: bugsquad => guillomovitchCC: (none) => marja11
bind-9.11.2.P1-1.mga7 uploaded for Cauldron by Guillaume.
Whiteboard: MGA6TOO => (none)Version: Cauldron => 6
I would like to update this core package for Mageia 5 also; sysadmins, please submit it. Update for Mageia 6 built: bind-9.10.6.P1-1.mga6 bind-sdb-9.10.6.P1-1.mga6 bind-utils-9.10.6.P1-1.mga6 bind-devel-9.10.6.P1-1.mga6 bind-doc-9.10.6.P1-1.mga6 python-bind-9.10.6.P1-1.mga6 from bind-9.10.6.P1-1.mga6.src.rpm
CC: (none) => guillomovitchAssignee: guillomovitch => sysadmin-bugs
Blocks: (none) => 22424
Mageia 5 update moved to Bug 22424. Advisory: ======================== Updated bind packages fix security vulnerability: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named (CVE-2017-3145). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 https://kb.isc.org/article/AA-01542 https://kb.isc.org/article/AA-01548 ======================== Updated packages in core/updates_testing: ======================== bind-9.10.6.P1-1.mga6 bind-sdb-9.10.6.P1-1.mga6 bind-utils-9.10.6.P1-1.mga6 bind-devel-9.10.6.P1-1.mga6 bind-doc-9.10.6.P1-1.mga6 python-bind-9.10.6.P1-1.mga6 from bind-9.10.6.P1-1.mga6.src.rpm
Assignee: sysadmin-bugs => qa-bugs
Keywords: (none) => advisory
Testing M6/64 using: https://bugs.mageia.org/show_bug.cgi?id=19698#c3 bind-9.10.6.P1-1.mga6 bind-utils-9.10.6.P1-1.mga6 For the latter: 'host' is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. 'dig' is in the test procedure. 'nslookup' - query Internet name servers interactively ... is a program to query Internet domain name servers. 'query-loc' is a program to retrieve and display the location information in the DNS. $ queryperf -h DNS Query Performance Testing Tool Trying some of them, not knowing any Domain Name Servers other than Google's (it would be better with my ISP's DNS, forgot how to find it). # systemctl start named $ host madb.mageia.org madb.mageia.org has address 163.172.201.211 $ host 163.172.201.211 211.201.172.163.in-addr.arpa domain name pointer 163-172-201-211.rev.poneytelecom.eu Looks sensible. $ dig @localhost mageia.org [The test procedure referred to] ; <<>> DiG 9.10.6-P1 <<>> @localhost mageia.org ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mageia.org. IN A ;; ANSWER SECTION: mageia.org. 1800 IN A 163.172.148.228 ;; AUTHORITY SECTION: mageia.org. 86400 IN NS ns0.mageia.org. mageia.org. 86400 IN NS ns1.mageia.org. ;; Query time: 284 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mer Ion 24 22:03:12 CET 2018 ;; MSG SIZE rcvd: 91 Missing the ADDITIONAL SECTION from the example ? The rest is similar. $ nslookup [interactive] > 88.88.88.88 Server: 212.27.40.240 Address: 212.27.40.240#53 ** server can't find 88.88.88.88.in-addr.arpa: NXDOMAIN > 212.27.40.240 Server: 212.27.40.240 Address: 212.27.40.240#53 Non-authoritative answer: 240.40.27.212.in-addr.arpa name = dns1.proxad.net. Authoritative answers can be found from: 40.27.212.in-addr.arpa nameserver = ns3.proxad.net. 40.27.212.in-addr.arpa nameserver = ns2.proxad.net. ^C Looks sensible. $ nslookup 88.88.88.88 Server: 212.27.40.240 Address: 212.27.40.240#53 ** server can't find 88.88.88.88.in-addr.arpa: NXDOMAIN $ nslookup 212.27.40.240 Server: 212.27.40.240 Address: 212.27.40.240#53 Non-authoritative answer: 240.40.27.212.in-addr.arpa name = dns1.proxad.net. Authoritative answers can be found from: 40.27.212.in-addr.arpa nameserver = ns3.proxad.net. 40.27.212.in-addr.arpa nameserver = ns2.proxad.net. I am happy to believe all this. OKing 64-bit update. Validating.
CC: (none) => sysadmin-bugsWhiteboard: (none) => MGA6-64-OKKeywords: (none) => has_procedure, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0092.html
Status: NEW => RESOLVEDResolution: (none) => FIXED