Your message dated Thu, 30 Jan 2025 15:34:58 +0000
with message-id <e1tdwzg-00d5vq...@fasolo.debian.org>
and subject line Bug#1094735: fixed in bind9 1:9.20.5-1
has caused the Debian Bug report #1094735,
regarding bind9: CVE-2024-11187 CVE-2024-12705
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1094735: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094735
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.20.4-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1:9.18.28-1~deb12u2
Control: fixed -1 1:9.18.33-1~deb12u2

Hi,

The following vulnerabilities were published for bind9.

CVE-2024-11187[0]:
| It is possible to construct a zone such that some queries to it will
| generate responses containing numerous records in the Additional
| section. An attacker sending many such queries can cause either the
| authoritative server itself or an independent resolver to use
| disproportionate resources processing the queries. Zones will
| usually need to have been deliberately crafted to attack this
| exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37,
| 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through
| 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1,
| 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.


CVE-2024-12705[1]:
| Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU
| and/or memory by flooding it with crafted valid or invalid HTTP/2
| traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32,
| 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through
| 9.18.32-S1.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-11187
    https://www.cve.org/CVERecord?id=CVE-2024-11187
    https://kb.isc.org/docs/cve-2024-11187
[1] https://security-tracker.debian.org/tracker/CVE-2024-12705
    https://www.cve.org/CVERecord?id=CVE-2024-12705
    https://kb.isc.org/docs/cve-2024-12705

Regards,
Salvatore

--- End Message ---
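
Added example (not part of the bug report, and not BIND or Debian tooling): a triage check that maps a BIND 9 upstream version to the two CVEs above, using only the affected ranges quoted in the report. The function names are hypothetical, and `upstream_from_debian` assumes the package carries no fix backported under an older upstream version.

```python
import re

# Affected upstream ranges copied from the CVE text quoted in the report.
# Entry format: (first, last, is_S_edition); both bounds are inclusive.
_BOTH = [("9.18.0", "9.18.32", False), ("9.20.0", "9.20.4", False),
         ("9.21.0", "9.21.3", False), ("9.18.11", "9.18.32", True)]
AFFECTED = {
    "CVE-2024-11187": [("9.11.0", "9.11.37", False), ("9.16.0", "9.16.50", False),
                       ("9.11.3", "9.11.37", True), ("9.16.8", "9.16.50", True)] + _BOTH,
    "CVE-2024-12705": _BOTH,
}

_UPSTREAM = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-S\d+)?$")


def parse_upstream(version):
    """'9.18.11-S1' -> ((9, 18, 11), True). Raises ValueError on other shapes."""
    m = _UPSTREAM.match(version.strip())
    if m is None:
        raise ValueError("unrecognised BIND 9 version: %r" % version)
    return tuple(int(part) for part in m.group(1, 2, 3)), m.group(4) is not None


def upstream_from_debian(package_version):
    """'1:9.18.28-1~deb12u2' -> '9.18.28' (drop the epoch and Debian revision)."""
    without_epoch = package_version.split(":", 1)[-1]
    return without_epoch.rsplit("-", 1)[0]


def cves_for(version):
    """Return the sorted CVE ids whose quoted ranges include this upstream version."""
    number, s_edition = parse_upstream(version)
    hits = []
    for cve, ranges in AFFECTED.items():
        for first, last, is_s in ranges:
            low, high = parse_upstream(first)[0], parse_upstream(last)[0]
            # Tuple comparison orders 9.18.9 before 9.18.11, unlike string comparison.
            if is_s == s_edition and low <= number <= high:
                hits.append(cve)
                break
    return sorted(hits)


if __name__ == "__main__":
    # Package versions named in this report: the found and fixed releases.
    for pkg in ("1:9.20.4-4", "1:9.20.5-1", "1:9.18.28-1~deb12u2", "1:9.18.33-1~deb12u2"):
        print(pkg, cves_for(upstream_from_debian(pkg)) or "not in the quoted ranges")
```
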
--- Begin Message ---
Source: bind9
Source-Version: 1:9.20.5-1
Done: Ondřej Surý <ond...@debian.org>

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1094...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jan 2025 12:21:49 +0100
Source: bind9
Architecture: source
Version: 1:9.20.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian DNS Team <team+...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Closes: 1094735
Changes:
 bind9 (1:9.20.5-1) unstable; urgency=medium
 .
   * New upstream version 9.20.5 (Closes: #1094735)
    - CVE-2024-12705: DNS-over-HTTPS flooding fixes
    - CVE-2024-11187: Limit additional section processing for large RDATA
      sets
   * Drop libltdl-dev from Build-Depends, libuv wrappers are used
     for dlopen and friends.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
