Commits

Anonymous committed d162f78

SECURITY UPDATE: CVE-2011-0414 IXFR/DDNS updates

* SECURITY UPDATE: denial of service via IXFR or DDNS update
- debian/patches/CVE-2011-0414.patch: Use correct lock in
lib/dns/rbtdb.c.
- CVE-2011-0414

Signed-off-by: LaMont Jones <lamont@debian.org>

committer: LaMont Jones <lamont@debian.org>

Comments (0)

Files changed (4)

+bind9 (1:9.7.1.dfsg.P2-2ubuntu0.2) maverick-security; urgency=low
+
+  * SECURITY UPDATE: denial of service via IXFR or DDNS update
+    - debian/patches/CVE-2011-0414.patch: Use correct lock in
+      lib/dns/rbtdb.c.
+    - CVE-2011-0414
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 23 Feb 2011 08:30:32 -0500
+
 bind9 (1:9.7.1.dfsg.P2-2ubuntu0.1) maverick-security; urgency=low
 
   * SECURITY UPDATE: denial of service via ncache entry and a rrsig for the
 Source: bind9
 Section: net
 Priority: optional
-Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
 XSBC-Original-Maintainer: LaMont Jones <lamont@debian.org>
 Uploaders: Bdale Garbee <bdale@gag.com>
 Build-Depends: libkrb5-dev, debhelper (>= 5), libssl-dev, libtool, bison, libdb-dev (>>4.6), libldap2-dev, libxml2-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], hardening-wrapper, libgeoip-dev (>= 1.4.6.dfsg-5)
  the BIND 9 lightweight resolver library.  It is essentially a stripped-
  down, caching-only name server that answers queries using the BIND 9
  lightweight resolver protocol rather than the DNS protocol.
-

debian/patches/CVE-2011-0414.patch

+Description: fix denial of service via IXFR or DDNS update
+Origin: upstream, extracted from 9.7.3 tarball
+
+Index: bind9-9.7.1.dfsg.P2/lib/dns/rbtdb.c
+===================================================================
+--- bind9-9.7.1.dfsg.P2.orig/lib/dns/rbtdb.c	2011-02-23 08:30:13.000000000 -0500
++++ bind9-9.7.1.dfsg.P2/lib/dns/rbtdb.c	2011-02-23 08:30:24.000000000 -0500
+@@ -2116,7 +2116,7 @@
+ 	unsigned int locknum;
+ 	unsigned int refs;
+ 
+-	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
++	RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
+ 	for (locknum = 0; locknum < rbtdb->node_lock_count; locknum++) {
+ 		NODE_LOCK(&rbtdb->node_locks[locknum].lock,
+ 			  isc_rwlocktype_write);
+@@ -2126,7 +2126,7 @@
+ 		NODE_UNLOCK(&rbtdb->node_locks[locknum].lock,
+ 			    isc_rwlocktype_write);
+ 	}
+-	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
++	RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
+ 	if (again)
+ 		isc_task_send(task, &event);
+ 	else {

debian/patches/series

+CVE-2011-0414.patch
 debian-changes-1:9.7.1.dfsg.P2-2
 CVE-2010-3613-3614.patch
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.