Bug 22409 - bind new security issue CVE-2017-3145
Summary: bind new security issue CVE-2017-3145
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks: 22424
  Show dependency treegraph
 
Reported: 2018-01-17 03:56 CET by David Walser
Modified: 2018-01-24 23:38 CET (History)
3 users (show)

See Also:
Source RPM: bind-9.11.2-2.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-01-17 03:56:51 CET 
ISC has issued an advisory today (January 16):
https://kb.isc.org/article/AA-01542

The issue is fixed upstream in 9.11.2-P1:
https://kb.isc.org/article/AA-01550

It is also fixed in 9.10.6-P1:
https://kb.isc.org/article/AA-01548

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-01-17 03:57:00 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-01-17 17:46:38 CET 
Debian has issued an advisory for this on January 16:
https://www.debian.org/security/2018/dsa-4089
Comment 2 Marja Van Waes 2018-01-18 07:32:27 CET 
Assigning to the registered maintainer.

Assignee: bugsquad => guillomovitch
CC: (none) => marja11

Comment 3 David Walser 2018-01-19 15:09:36 CET 
bind-9.11.2.P1-1.mga7 uploaded for Cauldron by Guillaume.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 4 David Walser 2018-01-19 15:40:42 CET 
I would like to update this core package for Mageia 5 also; sysadmins, please submit it.

Update for Mageia 6 built:
bind-9.10.6.P1-1.mga6
bind-sdb-9.10.6.P1-1.mga6
bind-utils-9.10.6.P1-1.mga6
bind-devel-9.10.6.P1-1.mga6
bind-doc-9.10.6.P1-1.mga6
python-bind-9.10.6.P1-1.mga6

from bind-9.10.6.P1-1.mga6.src.rpm

CC: (none) => guillomovitch
Assignee: guillomovitch => sysadmin-bugs

David Walser 2018-01-19 16:15:11 CET

Blocks: (none) => 22424

Comment 5 David Walser 2018-01-19 16:17:25 CET 
Mageia 5 update moved to Bug 22424.

Advisory:
========================

Updated bind packages fix security vulnerability:

BIND was improperly sequencing cleanup operations on upstream recursion fetch
contexts, leading in some cases to a use-after-free error that can trigger an
assertion failure and crash in named (CVE-2017-3145).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145
https://kb.isc.org/article/AA-01542
https://kb.isc.org/article/AA-01548
========================

Updated packages in core/updates_testing:
========================
bind-9.10.6.P1-1.mga6
bind-sdb-9.10.6.P1-1.mga6
bind-utils-9.10.6.P1-1.mga6
bind-devel-9.10.6.P1-1.mga6
bind-doc-9.10.6.P1-1.mga6
python-bind-9.10.6.P1-1.mga6

from bind-9.10.6.P1-1.mga6.src.rpm

Assignee: sysadmin-bugs => qa-bugs

Lewis Smith 2018-01-22 09:42:27 CET

Keywords: (none) => advisory

Comment 6 Lewis Smith 2018-01-24 22:23:41 CET 
Testing M6/64
using: https://bugs.mageia.org/show_bug.cgi?id=19698#c3
 bind-9.10.6.P1-1.mga6
 bind-utils-9.10.6.P1-1.mga6
For the latter:
'host' is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
'dig' is in the test procedure.
'nslookup' - query Internet name servers interactively ... is a program to query Internet domain name servers.
'query-loc' is a program to retrieve and display the location information in the DNS.
 $ queryperf -h
 DNS Query Performance Testing Tool

Trying some of them, not knowing any Domain Name Servers other than Google's
(it would be better with my ISP's DNS, forgot how to find it).
 # systemctl start named

 $ host madb.mageia.org
madb.mageia.org has address 163.172.201.211
 $ host 163.172.201.211
211.201.172.163.in-addr.arpa domain name pointer 163-172-201-211.rev.poneytelecom.eu
Looks sensible.
 
 $ dig @localhost mageia.org         [The test procedure referred to]

; <<>> DiG 9.10.6-P1 <<>> @localhost mageia.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageia.org.			IN	A

;; ANSWER SECTION:
mageia.org.		1800	IN	A	163.172.148.228

;; AUTHORITY SECTION:
mageia.org.		86400	IN	NS	ns0.mageia.org.
mageia.org.		86400	IN	NS	ns1.mageia.org.

;; Query time: 284 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mer Ion 24 22:03:12 CET 2018
;; MSG SIZE  rcvd: 91

Missing the ADDITIONAL SECTION from the example ? The rest is similar.

 $ nslookup     [interactive]
> 88.88.88.88
Server:		212.27.40.240
Address:	212.27.40.240#53

** server can't find 88.88.88.88.in-addr.arpa: NXDOMAIN
> 212.27.40.240
Server:		212.27.40.240
Address:	212.27.40.240#53

Non-authoritative answer:
240.40.27.212.in-addr.arpa	name = dns1.proxad.net.

Authoritative answers can be found from:
40.27.212.in-addr.arpa	nameserver = ns3.proxad.net.
40.27.212.in-addr.arpa	nameserver = ns2.proxad.net.
^C
Looks sensible.

 $ nslookup 88.88.88.88
Server:		212.27.40.240
Address:	212.27.40.240#53
** server can't find 88.88.88.88.in-addr.arpa: NXDOMAIN

 $ nslookup 212.27.40.240
Server:		212.27.40.240
Address:	212.27.40.240#53
Non-authoritative answer:
240.40.27.212.in-addr.arpa	name = dns1.proxad.net.

Authoritative answers can be found from:
40.27.212.in-addr.arpa	nameserver = ns3.proxad.net.
40.27.212.in-addr.arpa	nameserver = ns2.proxad.net.

I am happy to believe all this. OKing 64-bit update. Validating.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => has_procedure, validated_update

Comment 7 Mageia Robot 2018-01-24 23:38:46 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0092.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.