Your message dated Mon, 01 Aug 2005 02:32:15 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318798: fixed in pdns 2.9.17-13sarge1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Jul 2005 19:10:11 +0000
>From [EMAIL PROTECTED] Sun Jul 17 12:10:11 2005
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: pdns-backend-ldap: Two security issues in LDAP backend
X-Mailer: reportbug 3.15
Date: Sun, 17 Jul 2005 21:10:07 +0200
Message-Id: <[EMAIL PROTECTED]>

Package: pdns-backend-ldap
Version: 2.9.17
Severity: important
Tags: security

2.9.18 fixes two security-relevant issues in the LDAP backend:
Quoting Bert Hubert:

PowerDNS 2.9.18 fixes two bugs with security implications, which
only apply to installations running on the LDAP backend, or
installations providing recursion to a limited range of IP
addresses. If any of these apply to you, an upgrade is highly
advised.

Version 2.9.18 release notes are on:
http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
Version 2.9.18 is available on:
http://www.powerdns.com/downloads/
Wiki, source, bugtracker: http://wiki.powerdns.com/
Security page: http://doc.powerdns.com/security-policy.html

Details:
    * The LDAP backend did not properly escape all queries,
      allowing it to fail and not answer questions. We have not
      investigated further risks involved, but we advise LDAP
      users to update as quickly as possible (Norbert Sendetzky,
      Jan de Groot)
    * Questions from clients denied recursion could blank out
      answers to clients who are allowed recursion services,
      temporarily. Reported by Wilco Baan. This would've made it
      possible for outsiders to blank out a domain temporarily to
      your users. Luckily PowerDNS would send out SERVFAIL or
      Refused, and not a denial of a domain's existence.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
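
The first issue quoted above is a query name reaching an LDAP search filter unescaped. As an added illustration (not PowerDNS code and not the content of the Debian patch), the sketch below escapes a value for an LDAP filter in the way RFC 4515 describes before it is placed in the filter; the helper names and the "associatedDomain" attribute are assumptions made for the example.

```cpp
#include <cstdio>
#include <string>

// Escape a value for use inside an LDAP search filter (RFC 4515).
// '*', '(', ')', '\' and NUL must be escaped; this version also escapes
// other control bytes and any byte above 0x7e. Each escaped byte is
// written as a backslash followed by two hex digits.
std::string ldap_escape_filter_value(const std::string& in)
{
    std::string out;
    out.reserve(in.size());
    for (unsigned char c : in) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20 || c > 0x7e) {
            char buf[4];
            std::snprintf(buf, sizeof buf, "\\%02x", static_cast<unsigned>(c));
            out += buf;
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical helper: build the lookup filter for a queried name.
// "associatedDomain" is an assumed attribute name for illustration.
std::string build_lookup_filter(const std::string& qname)
{
    return "(associatedDomain=" + ldap_escape_filter_value(qname) + ")";
}

int main()
{
    // Constructed sample names as they might arrive in a DNS question.
    const char* samples[] = { "www.example.org", "a(b.example.org", "x*.example.org" };
    for (const char* s : samples)
        std::printf("%-18s -> %s\n", s, build_lookup_filter(s).c_str());
    return 0;
}
```

With the escaping in place, a name containing filter metacharacters yields a syntactically valid filter that matches only the literal name, so the lookup returns an ordinary "no such record" result rather than a failed search.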

---------------------------------------
Received: (at 318798-close) by bugs.debian.org; 1 Aug 2005 09:53:54 +0000
>From [EMAIL PROTECTED] Mon Aug 01 02:53:54 2005
From: Matthijs Mohlmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#318798: fixed in pdns 2.9.17-13sarge1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 01 Aug 2005 02:32:15 -0700

Source: pdns
Source-Version: 2.9.17-13sarge1

We believe that the bug you reported is fixed in the latest version of
pdns, which is due to be installed in the Debian FTP archive:

pdns-backend-geo_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_i386.deb
pdns-backend-ldap_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_i386.deb
pdns-backend-mysql_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_i386.deb
pdns-backend-pgsql_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_i386.deb
pdns-backend-pipe_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_i386.deb
pdns-backend-sqlite_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_i386.deb
pdns-doc_2.9.17-13sarge1_all.deb
  to pool/main/p/pdns/pdns-doc_2.9.17-13sarge1_all.deb
pdns-recursor_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-recursor_2.9.17-13sarge1_i386.deb
pdns-server_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns-server_2.9.17-13sarge1_i386.deb
pdns_2.9.17-13sarge1.diff.gz
  to pool/main/p/pdns/pdns_2.9.17-13sarge1.diff.gz
pdns_2.9.17-13sarge1.dsc
  to pool/main/p/pdns/pdns_2.9.17-13sarge1.dsc
pdns_2.9.17-13sarge1_i386.deb
  to pool/main/p/pdns/pdns_2.9.17-13sarge1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthijs Mohlmann <[EMAIL PROTECTED]> (supplier of updated pdns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 19 Jul 2005 13:28:58 +0200
Source: pdns
Binary: pdns-server pdns-backend-ldap pdns-backend-pipe pdns-backend-geo pdns-backend-mysql pdns-recursor pdns pdns-backend-pgsql pdns-backend-sqlite pdns-doc
Architecture: source i386 all
Version: 2.9.17-13sarge1
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze <[EMAIL PROTECTED]>
Changed-By: Matthijs Mohlmann <[EMAIL PROTECTED]>
Description: 
 pdns       - meta package for the pdns nameserver
 pdns-backend-geo - geo backend for PowerDNS
 pdns-backend-ldap - LDAP backend for PowerDNS
 pdns-backend-mysql - generic mysql backend for PowerDNS
 pdns-backend-pgsql - generic PostgreSQL backend for PowerDNS
 pdns-backend-pipe - pipe/coprocess backend for PowerDNS
 pdns-backend-sqlite - sqlite backend for PowerDNS
 pdns-doc   - PowerDNS manual
 pdns-recursor - PowerDNS recursor
 pdns-server - extremely powerful and versatile nameserver
Closes: 318798
Changes: 
 pdns (2.9.17-13sarge1) stable-security; urgency=high
 .
   * The ldapbackend did not properly escape all queries, allowing it to fail
     and not answer questions. [dosfix-ldapbackend.dpatch, CAN-2005-2301]
   * Questions from clients denied recursion could blank out answers to clients
     who are allowed recursion services, temporarily.
     [blankout-domain-fix.dpatch, CAN-2005-2302]
     (Closes: #318798)
   * Added mechanism to remove bogus conffiles file for the meta package
     pdns [pdns.conffiles] (Joey)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC44tbW5ql+IAeqTIRAprjAKCNZe93fJ/h9/aspXQNDwV478U5RgCeO6bd
L1LyVgZnQWBhIgXJcpN5ic4=
=9eKM
-----END PGP SIGNATURE-----

