Your message dated Sat, 30 Jul 2005 15:50:02 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318798: fixed in pdns 2.9.18-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: pdns-backend-ldap: Two security issues in LDAP backend
X-Mailer: reportbug 3.15
Date: Sun, 17 Jul 2005 21:10:07 +0200

Package: pdns-backend-ldap
Version: 2.9.17
Severity: important
Tags: security

2.9.18 fixes two security relevant issues in the LDAP backend:
Quoting Bert Hubert:

PowerDNS 2.9.18 fixes two bugs with security implications, which
only apply to installations running on the LDAP backend, or
installations providing recursion to a limited range of IP
addresses. If any of these apply to you, an upgrade is highly
advised.

Version 2.9.18 release notes are on:
http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
Version 2.9.18 is available on:
http://www.powerdns.com/downloads/
Wiki, source, bugtracker: http://wiki.powerdns.com/
Security page: http://doc.powerdns.com/security-policy.html

Details:
    * The LDAP backend did not properly escape all queries,
      allowing it to fail and not answer questions. We have not
      investigated further risks involved, but we advise LDAP
      users to update as quickly as possible (Norbert Sendetzky,
      Jan de Groot)
    * Questions from clients denied recursion could blank out
      answers to clients who are allowed recursion services,
      temporarily. Reported by Wilco Baan. This would've made it
      possible for outsiders to blank out a domain temporarily to
      your users. Luckily PowerDNS would send out SERVFAIL or
      Refused, and not a denial of a domain's existence.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
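
An added example, not part of the original report and not PowerDNS code: a sketch of the class of fix the first item describes, escaping a query name per RFC 4515 before it is placed into an LDAP search filter. The function names, the associatedDomain attribute and the sample names are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>

// Escape a value for an LDAP search filter (RFC 4515, section 3): '(', ')',
// '*' and '\' become a backslash plus two hex digits. Control bytes (NUL
// included) and non-ASCII bytes are hex-escaped too, which the RFC permits.
std::string ldapEscape(const std::string& value)
{
  static const char hex[] = "0123456789abcdef";
  std::string out;
  for (unsigned char c : value) {
    if (c == '(' || c == ')' || c == '*' || c == '\\' || c < 0x20 || c > 0x7e) {
      out += '\\';
      out += hex[c >> 4];
      out += hex[c & 0x0f];
    } else {
      out += static_cast<char>(c);
    }
  }
  return out;
}

// Hypothetical filter builder; the attribute name is an assumption.
std::string buildFilter(const std::string& qname, bool escape)
{
  return "(associatedDomain=" + (escape ? ldapEscape(qname) : qname) + ")";
}

// Structural check: one parenthesised item whose closing ')' is the last
// character. Escape sequences (\XX) are skipped, so they never count.
bool filterIsWellFormed(const std::string& filter)
{
  if (filter.empty() || filter[0] != '(') return false;
  int depth = 0;
  for (size_t i = 0; i < filter.size(); ++i) {
    if (filter[i] == '\\') { i += 2; continue; }
    if (filter[i] == '(') ++depth;
    else if (filter[i] == ')' && --depth == 0 && i + 1 != filter.size()) return false;
  }
  return depth == 0;
}

int main()
{
  // Constructed sample query names: a plain name, a wildcard label, a stray ')'.
  const char* samples[] = {"www.example.org", "*.example.org", "host).example.org"};
  for (const char* q : samples) {
    std::printf("%-20s raw ok=%d escaped ok=%d %s\n", q,
                filterIsWellFormed(buildFilter(q, false)),
                filterIsWellFormed(buildFilter(q, true)), buildFilter(q, true).c_str());
  }
  return 0;
}
```

A literal `*` in a query name is worth noting separately: unescaped it leaves the filter well-formed but turns the equality match into a substring match, so the structural check alone does not catch it.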

---------------------------------------
From: Debian PowerDNS Maintainers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#318798: fixed in pdns 2.9.18-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 30 Jul 2005 15:50:02 -0700

Source: pdns
Source-Version: 2.9.18-1

We believe that the bug you reported is fixed in the latest version of
pdns, which is due to be installed in the Debian FTP archive:

pdns-backend-geo_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-backend-geo_2.9.18-1_i386.deb
pdns-backend-ldap_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-backend-ldap_2.9.18-1_i386.deb
pdns-backend-mysql_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-backend-mysql_2.9.18-1_i386.deb
pdns-backend-pgsql_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-backend-pgsql_2.9.18-1_i386.deb
pdns-backend-pipe_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-backend-pipe_2.9.18-1_i386.deb
pdns-backend-sqlite_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-backend-sqlite_2.9.18-1_i386.deb
pdns-doc_2.9.18-1_all.deb
  to pool/main/p/pdns/pdns-doc_2.9.18-1_all.deb
pdns-recursor_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-recursor_2.9.18-1_i386.deb
pdns-server_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns-server_2.9.18-1_i386.deb
pdns_2.9.18-1.diff.gz
  to pool/main/p/pdns/pdns_2.9.18-1.diff.gz
pdns_2.9.18-1.dsc
  to pool/main/p/pdns/pdns_2.9.18-1.dsc
pdns_2.9.18-1_i386.deb
  to pool/main/p/pdns/pdns_2.9.18-1_i386.deb
pdns_2.9.18.orig.tar.gz
  to pool/main/p/pdns/pdns_2.9.18.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian PowerDNS Maintainers <[EMAIL PROTECTED]> (supplier of updated pdns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 29 Jul 2005 20:24:33 +0200
Source: pdns
Binary: pdns-server pdns-backend-ldap pdns-backend-pipe pdns-backend-geo pdns-backend-mysql pdns-recursor pdns pdns-backend-pgsql pdns-backend-sqlite pdns-doc
Architecture: source i386 all
Version: 2.9.18-1
Distribution: unstable
Urgency: high
Maintainer: Debian PowerDNS Maintainers <[EMAIL PROTECTED]>
Changed-By: Debian PowerDNS Maintainers <[EMAIL PROTECTED]>
Description: 
 pdns       - meta package for the pdns nameserver
 pdns-backend-geo - geo backend for PowerDNS
 pdns-backend-ldap - LDAP backend for PowerDNS
 pdns-backend-mysql - generic mysql backend for PowerDNS
 pdns-backend-pgsql - generic PostgreSQL backend for PowerDNS
 pdns-backend-pipe - pipe/coprocess backend for PowerDNS
 pdns-backend-sqlite - sqlite backend for PowerDNS
 pdns-doc   - PowerDNS manual
 pdns-recursor - PowerDNS recursor
 pdns-server - extremely powerful and versatile nameserver
Closes: 318798
Changes: 
 pdns (2.9.18-1) unstable; urgency=high
 .
   * New upstream release (Closes: #318798)
   * Drop patches: 64bit-compile-fix.dpatch, addfeatures-ldapbackend.dpatch,
     amd64-compilefix.dpatch, blankout-domain-fix.dpatch,
     consistent-sql.dpatch, dosfix-ldapbackend.dpatch, fix-exit-status.dpatch,
     gpgsql-compilefix.dpatch, gsqlite-compilefix.dpatch, gsqlite-slave.dpatch,
     recursor-slowdown.patch.dpatch, typoinitscript.dpatch, zone2ldap.dpatch
     They are applied upstream.
   * The ldapbackend did not properly escape all queries, allowing it to fail
     and not answer questions. (CAN-2005-2301)
   * Questions from clients denied recursion could blank out answers to clients
     who are allowed recursion services, temporarily. (CAN-2005-2302)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC6/pSCV53xXnMZYYRAhYnAKDpuMuD/udp58/mdRhpALYI9ZhJ7ACfcBVf
Qd03NAj4wcPPPJ5rMpG8LAI=
=/AKn
-----END PGP SIGNATURE-----

