Bug#930875: marked as done (unblock: pdns/4.1.6-3)

Debian Bug Tracking System Sat, 22 Jun 2019 11:42:35 -0700

Your message dated Sat, 22 Jun 2019 20:39:49 +0200
with message-id <[email protected]>
and subject line Re: Bug#930875: unblock: pdns/4.1.6-3
has caused the Debian Bug report #930875,
regarding unblock: pdns/4.1.6-3
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
930875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930875
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Dear Release Team,

Please unblock package pdns 4.1.6-3 which contains fixes for two CVEs:

CVE-2019-10162: Denial of service via crafted zone records
CVE-2019-10163: Denial of service via NOTIFY packets

Please find the debdiff from -2 below.

Thanks,
Chris

unblock pdns/4.1.6-3


diff -Nru pdns-4.1.6/debian/changelog pdns-4.1.6/debian/changelog
--- pdns-4.1.6/debian/changelog 2019-03-31 12:48:59.000000000 +0000
+++ pdns-4.1.6/debian/changelog 2019-06-21 19:07:07.000000000 +0000
@@ -1,3 +1,12 @@
+pdns (4.1.6-3) unstable; urgency=medium
+
+  * Fix Denial of service via crafted zone records (CVE-2019-10162)
+    using patch from upstream.
+  * Fix Denial of service via NOTIFY packets (CVE-2019-10163)
+    using patch from upstream.
+
+ -- Chris Hofstaedtler <[email protected]>  Fri, 21 Jun 2019 19:07:07 +0000
+
 pdns (4.1.6-2) unstable; urgency=high
 
   [ Salvatore Bonaccorso ]
diff -Nru pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch 
pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch
--- pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch 
1970-01-01 00:00:00.000000000 +0000
+++ pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch 
2019-06-21 19:07:07.000000000 +0000
@@ -0,0 +1,29 @@
+diff --git pdns-4.1.8/pdns/mastercommunicator.cc 
pdns-4.1.8-invalidrecords/pdns/mastercommunicator.cc
+index 456957a..ce0355c 100644
+--- pdns-4.1.8/pdns/mastercommunicator.cc
++++ pdns-4.1.8-invalidrecords/pdns/mastercommunicator.cc
+@@ -50,6 +50,7 @@ void CommunicatorClass::queueNotifyDomain(const DomainInfo& 
di, UeberBackend* B)
+   FindNS fns;
+ 
+ 
++  try {
+   if (d_onlyNotify.size()) {
+     B->lookup(QType(QType::NS), di.zone);
+     while(B->get(rr))
+@@ -77,6 +78,16 @@ void CommunicatorClass::queueNotifyDomain(const DomainInfo& 
di, UeberBackend* B)
+       hasQueuedItem=true;
+     }
+   }
++  }
++  catch (PDNSException &ae) {
++    L << Logger::Error << "Error looking up name servers for " << di.zone << 
", cannot notify: " << ae.reason << endl;
++    return;
++  }
++  catch (std::exception &e) {
++    L << Logger::Error << "Error looking up name servers for " << di.zone << 
", cannot notify: " << e.what() << endl;
++    return;
++  }
++
+ 
+   set<string> alsoNotify(d_alsoNotify);
+   B->alsoNotifies(di.zone, &alsoNotify);
diff -Nru 
pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch.asc 
pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch.asc
--- pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch.asc     
1970-01-01 00:00:00.000000000 +0000
+++ pdns-4.1.6/debian/patches/CVE-2019-10162-4.1.8-invalidrecords.patch.asc     
2019-06-21 19:07:07.000000000 +0000
@@ -0,0 +1,12 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFOBAABCgA4FiEE1jAMq8v0abvjkuUDogjtT4r1hEYFAl0I6mcaHHJlbWkuZ2Fj
+b2duZUBwb3dlcmRucy5jb20ACgkQogjtT4r1hEZxXgf9G4rXQ3xmE6pPTnwkN+9P
+nrqhjIrbhIS8t2KNVqLjUADhxHOli8lLj84f/fLnJgRabA5mz7iFVhpcHmocJADI
+lldJsjke6qbG+oduP90TsOD0wTWvibdxpoyrQlE0KvZua7geI5nSudEAVFW/SdhQ
+ynWGCgEodG35QkLOYlF19iSkd7x52Hx8MvMUF3YDZU/IjAVIIVmS4ZdaYz32T3ih
+OfpMFcOsu7Lsk8RkecK9Hegkv9ohqXGGcfz8rGsyF0gBGqTOhZ2rPqEj66jG4x++
+wLNPOkFpJYKLW+tkPzj0ra56/zjmOPrWbZWlEORnlmrU9ZS9nYG5gfYJuPNAveCq
+Mw==
+=SR9f
+-----END PGP SIGNATURE-----
diff -Nru pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch 
pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch
--- pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch       
1970-01-01 00:00:00.000000000 +0000
+++ pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch       
2019-06-21 19:07:07.000000000 +0000
@@ -0,0 +1,16 @@
+diff --git pdns-4.1.8/pdns/communicator.cc 
pdns-4.1.8-busyloop/pdns/communicator.cc
+index 7db5a3e..7fd59e4 100644
+--- pdns-4.1.8/pdns/communicator.cc
++++ pdns-4.1.8-busyloop/pdns/communicator.cc
+@@ -136,7 +136,10 @@ void CommunicatorClass::mainloop(void)
+           if (extraSlaveRefresh)
+             slaveRefresh(&P);
+         }
+-        else { 
++        else {
++          // eat up extra posts to avoid busy looping if many posts were done
++          while (d_any_sem.tryWait() == 0) {
++          }
+           break; // something happened
+         }
+         // this gets executed at least once every second
diff -Nru pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch.asc 
pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch.asc
--- pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch.asc   
1970-01-01 00:00:00.000000000 +0000
+++ pdns-4.1.6/debian/patches/CVE-2019-10163-4.1.8-busyloop.patch.asc   
2019-06-21 19:07:07.000000000 +0000
@@ -0,0 +1,12 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFOBAABCgA4FiEE1jAMq8v0abvjkuUDogjtT4r1hEYFAl0I6mcaHHJlbWkuZ2Fj
+b2duZUBwb3dlcmRucy5jb20ACgkQogjtT4r1hEZbcQf/XTC6bDxmwt4tEXXN6hXQ
++ArS6zRED2pbxCAipxvHtbj9xqhk343aNfrG4Y8kl32AmJuP76yGfNrFeiNtPWgA
+3zcuLxuyaCs/M7zMOtuYxcz6IhHBfZPZ+MixWSeJqsD5zV9kQT7LjvJR7ZeO87R5
+CBTz6vX4WzH0FW7aQnt3paYc0Rxn8H1LJQ8ytQCIch1kc2Xbn+qcW9velwP/hTPu
+iCgEHx4ntaQj4ohS2Ntd0CQa3NMKUyI17FybLfebUyNywWnh8NVU4hevgGOG3pCu
+oE7qe8+kms49hQiQPEGf5rst+MjVOrGwkiX7ydsT4udfHsH+F2Xb/qU1Tn20UjV4
+Bg==
+=bJOa
+-----END PGP SIGNATURE-----
diff -Nru pdns-4.1.6/debian/patches/series pdns-4.1.6/debian/patches/series
--- pdns-4.1.6/debian/patches/series    2019-03-31 12:48:59.000000000 +0000
+++ pdns-4.1.6/debian/patches/series    2019-06-21 19:07:07.000000000 +0000
@@ -1 +1,3 @@
 CVE-2019-3871-auth-4.1.6.patch
+CVE-2019-10162-4.1.8-invalidrecords.patch
+CVE-2019-10163-4.1.8-busyloop.patch

--- End Message ---

--- Begin Message ---
Hi Chris,

On 21-06-2019 21:48, Chris Hofstaedtler wrote:
> unblock pdns/4.1.6-3

Unblocked, thanks.

Paul
signature.asc
Description: OpenPGP digital signature

--- End Message ---

Bug#930875: marked as done (unblock: pdns/4.1.6-3)

Reply via email to