Bug 9163 - bind new security issues CVE-2012-5689 and CVE-2013-2266
: bind new security issues CVE-2012-5689 and CVE-2013-2266
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: major
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/539627/
: has_procedure mga2-32-ok MGA2-64-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-02-22 22:03 CET by David Walser
Modified: 2013-04-04 23:23 CEST (History)
5 users (show)

See Also:
Source RPM: bind-9.9.2.P1-4.mga3.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2013-02-22 22:03:38 CET
RedHat has issued an advisory on February 21:
https://rhn.redhat.com/errata/RHSA-2013-0550.html

Upstream hasn't released a new version to fix it, but RedHat has patched it.

Mageia 2 is also affected.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-03-26 19:31:22 CET
Here is the ISC article for CVE-2012-5689:
https://kb.isc.org/article/AA-00855

Has this been fixed upstream yet?

Upstream has also since released 9.9.2-P2 to fix CVE-2013-2226:
https://kb.isc.org/article/AA-00871
Comment 2 David Walser 2013-03-26 23:45:45 CET
Correction, the new CVE is CVE-2013-2266, not 2226.
Comment 3 David Walser 2013-03-29 17:05:13 CET
RedHat has issued an advisory for CVE-2013-2266 on March 28:
https://rhn.redhat.com/errata/RHSA-2013-0689.html

from http://lwn.net/Vulnerabilities/545189/
Comment 4 David Walser 2013-04-01 01:05:46 CEST
CVE-2012-5689 is not fixed upstream, so I committed the patch from RedHat and updated this in Cauldron.  Freeze push requested.
Comment 5 David Walser 2013-04-02 23:06:26 CEST
bind 9.9.2-P2 pushed in Cauldron.
Comment 6 David Walser 2013-04-02 23:22:35 CEST
Updated and patched package uploaded for Mageia 2.

Assigning to QA.

Advisory:
========================

Updated bind packages fix security vulnerabilities:

A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default (CVE-2012-5689).

A denial of service flaw was found in the libdns library. A remote attacker
could use this flaw to send a specially-crafted DNS query to named that,
when processed, would cause named to use an excessive amount of memory, or
possibly crash (CVE-2013-2266).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
https://kb.isc.org/article/AA-00855
https://kb.isc.org/article/AA-00871
https://kb.isc.org/article/AA-00889
https://rhn.redhat.com/errata/RHSA-2013-0550.html
https://rhn.redhat.com/errata/RHSA-2013-0689.html
========================

Updated packages in core/updates_testing:
========================
bind-9.9.2.P2-1.mga2
bind-sdb-9.9.2.P2-1.mga2
bind-utils-9.9.2.P2-1.mga2
bind-devel-9.9.2.P2-1.mga2
bind-doc-9.9.2.P2-1.mga2

from bind-9.9.2.P2-1.mga2.src.rpm
Comment 7 claire robinson 2013-04-04 12:32:15 CEST
No public PoC

Testing mga2 32
Comment 8 claire robinson 2013-04-04 12:38:48 CEST
Before
------
# service named start
Starting named (via systemctl):                                   [  OK  ]

# dig @localhost mageia.org

; <<>> DiG 9.9.2-P1 <<>> @localhost mageia.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16857
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageia.org.                    IN      A

;; ANSWER SECTION:
mageia.org.             3600    IN      A       217.70.188.116

;; AUTHORITY SECTION:
mageia.org.             3600    IN      NS      ns1.mageia.org.
mageia.org.             3600    IN      NS      ns0.mageia.org.

;; ADDITIONAL SECTION:
ns0.mageia.org.         86400   IN      A       212.85.158.146
ns1.mageia.org.         86400   IN      A       95.142.164.207

;; Query time: 464 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr  4 11:34:25 2013
;; MSG SIZE  rcvd: 123


After
-----
# service named restart
Restarting named (via systemctl):                                 [  OK  ]
# dig @localhost mageia.org

No regression noticed.
Comment 9 Dave Hodgins 2013-04-04 22:47:23 CEST
Testing complete on Mageia 2 x86-64.

Could someone from the sysadmin team push the srpm
bind-9.9.2.P2-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated bind packages fix security vulnerabilities:

A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default (CVE-2012-5689).

A denial of service flaw was found in the libdns library. A remote attacker
could use this flaw to send a specially-crafted DNS query to named that,
when processed, would cause named to use an excessive amount of memory, or
possibly crash (CVE-2013-2266).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
https://kb.isc.org/article/AA-00855
https://kb.isc.org/article/AA-00871
https://kb.isc.org/article/AA-00889
https://rhn.redhat.com/errata/RHSA-2013-0550.html
https://rhn.redhat.com/errata/RHSA-2013-0689.html

https://bugs.mageia.org/show_bug.cgi?id=9163
Comment 10 Thomas Backlund 2013-04-04 23:23:26 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0105

Note You need to log in before you can comment on or make changes to this bug.