-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 06 Nov 2010 11:34:33 -0600 Source: bind9 Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-50 libdns55 libisc50 liblwres50 libisccc50 libisccfg50 dnsutils lwresd Architecture: source all amd64 Version: 1:9.6.ESV.R2+dfsg-0+lenny1 Distribution: stable-security Urgency: low Maintainer: LaMont Jones Changed-By: LaMont Jones Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND libbind-dev - Static Libraries and Headers used by BIND libbind9-50 - BIND9 Shared Library used by BIND libdns55 - DNS Shared Library used by BIND libisc50 - ISC Shared Library used by BIND libisccc50 - Command Channel Library used by BIND libisccfg50 - Config File Handling Library used by BIND liblwres50 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Changes: bind9 (1:9.6.ESV.R2+dfsg-0+lenny1) stable-security; urgency=low . [Internet Software Consortium, Inc] . * v9.6-ESV-R2. Addresses CVE-2010-3762 - Check that named successfully skips NSEC3 records that fail to match the NSEC3PARAM record currently in use. [RT# 21868] - Worked around an apparent race condition in over memory conditions. Without this fix a DNS cache DB or ADB could incorrectly stay in an over memory state, effectively refusing further caching, which subsequently made a BIND 9 caching server unworkable. This fix prevents this problem from happening by polling the state of the memory context, rather than making a copy of the state, which appeared to cause a race. This is a "workaround" in that it doesn't solve the possible race per se, but several experiments proved this change solves the symptom. Also, the polling overhead hasn't been reported to be an issue. This bug should only affect a caching server that specifies a finite max-cache-size. It's also quite likely that the bug happens only when enabling threads, but it's not confirmed yet. [RT #21818] - Named failed to accept uncachable negative responses from insecure zones. [RT# 21555] - The resolver could attempt to destroy a fetch context too soon. [RT #19878] - The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346] - Handle the introduction of new trusted-keys and DS, DLV RRsets better. [RT #21097] - Fix arguments to dns_keytable_findnextkeynode() call. [RT #20877] - Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] - Handle broken DNSSEC trust chains better. [RT #15619] . [LaMont Jones] . * meta: drop verisoned depends from library packages, for less upgrade pain * cleanup libisc version number. It should be libisc50, not libisc52 or libisc53 Checksums-Sha1: 4dcc7f8270fd239ac9610aa3c3b9b73c36ffa80d 1797 bind9_9.6.ESV.R2+dfsg-0+lenny1.dsc fca1ee926061c2e0455bda6aad9cf3c0be3fdf8b 5297649 bind9_9.6.ESV.R2+dfsg.orig.tar.gz a8d8dafa754a6450c1f338f7e17e1439f1a860e4 585888 bind9_9.6.ESV.R2+dfsg-0+lenny1.diff.gz b520c615a5c1d7babe8d58d27974d1ae9c321f06 283202 bind9-doc_9.6.ESV.R2+dfsg-0+lenny1_all.deb 843d1ace22afbdfc168e0d01dd8ab9e7939f8d62 292140 bind9_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb ef9887948c0341ce65d90b617c72557e966da95f 107844 bind9utils_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 55b70852407824dfc58b9507d8d6ac8816b3ee10 66200 bind9-host_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 693a4dbb50800e7e3c63d81c46937c24b804b29d 1417604 libbind-dev_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb d9021fa2f2c486ac67ae31f1ba34bb0f4249c847 33432 libbind9-50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb b2b13151854d03d9c524cdf3f3d183c45ec8971f 667272 libdns55_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb ce2067385d7d57c9ad11e3ca0b323b36e71f98d5 169646 libisc50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb b07593ab07828f1d2422aad5015c8da1ca41bf72 49330 liblwres50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb d902f3fac3da72a7a4a723d513380748fd13e1f3 30036 libisccc50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 7bf57048c1e752f66b80d3b9e81b35c2fc804fa8 52196 libisccfg50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 93da8da678b68b5b7a9b53097052b2445b908a08 157740 dnsutils_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb e33239fd7fcf57f2794beee84f84b4b3a5467549 227368 lwresd_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb Checksums-Sha256: 8fc611073d8b2f6250c42c7b9a6654e2262cc255d33f4cecbbe7f0b63bb7a0dc 1797 bind9_9.6.ESV.R2+dfsg-0+lenny1.dsc a82451de2f6e97e942d636c83abf9820acb9b52b56a7e80c8ea83e8a084a1968 5297649 bind9_9.6.ESV.R2+dfsg.orig.tar.gz f7591015593aaadc165b2a47cc9d9b655ceb994164fa4081962dbe6923e1a27b 585888 bind9_9.6.ESV.R2+dfsg-0+lenny1.diff.gz ccded0f1963f603812b456a29bba1d9300105116ba6041600440fdde5222dd71 283202 bind9-doc_9.6.ESV.R2+dfsg-0+lenny1_all.deb b29b0fd65dfdcd16a848e45363674a3c619f2e33f2ac09be2d7f7c636570a1aa 292140 bind9_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 664a6c87aeeb2af5111f8e37607f9ece04f445ba7c4248de0245fa8d1090f696 107844 bind9utils_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 551bdf8a8ee1b563595139199bf80e460006ff5763857a57eb0137bb3d52df3b 66200 bind9-host_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 3e83c07d412ae79779f03cf62b732a9707a97cb80fd35a725af0804609ee3869 1417604 libbind-dev_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb aa04d2efb742e16c25bd27bd99d20b61d1c26416bc1601563b1b73546c7ed022 33432 libbind9-50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 01a21d00f8580eea44f481d5225d1c8c43d2efcf801056cd3a3cb789a6d901f4 667272 libdns55_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 570f5af7d937d5ea0af1220b053e192a890621c7d3173572ada669f86b80e9b2 169646 libisc50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 09bf2b167a1f82e618671d39bd5e8ab6352d30e3d8d0b1a264aed6e12c5dd8fc 49330 liblwres50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb b07b0e94ada0869c68208d89168eef2043bf960757b3dbd2b865cd637467ace0 30036 libisccc50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 2f0b3c0c1174b03b352df708c00d42520339a607a83043c85caee272266a64a0 52196 libisccfg50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 0f271e7dbb6c5876bd428af2e36f4be45e8fcf426970f9141a22730a8d09cc18 157740 dnsutils_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb f779287e41ede3d99d67836deed59ec615032608abbe1d3854dc697f0e0e0526 227368 lwresd_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb Files: d8a6e5a5ed120394236ea13ffdbd6f62 1797 net optional bind9_9.6.ESV.R2+dfsg-0+lenny1.dsc 6fa8da2e5b0800890974b2c91c14bf1f 5297649 net optional bind9_9.6.ESV.R2+dfsg.orig.tar.gz ea0513513b43f1322d846c898e8c512f 585888 net optional bind9_9.6.ESV.R2+dfsg-0+lenny1.diff.gz f4c3698bc3e9d439c5e5da182aab1ade 283202 doc optional bind9-doc_9.6.ESV.R2+dfsg-0+lenny1_all.deb 17638f228d2821a9ca540e1e6a1ed9a1 292140 net optional bind9_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 9dcdf600e6ba58e59088add61539c663 107844 net optional bind9utils_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb fc03274fb5e8bbb3b76b120b68f10b85 66200 net standard bind9-host_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 11498302bb14e4e0b5c544f718bc54f9 1417604 libdevel optional libbind-dev_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 12cf602b4155aba27b308234c66ef119 33432 libs standard libbind9-50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 82aa824a36a9152d2dcf66247217938c 667272 libs standard libdns55_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb dc22fee1b124a032944469cf9f138e32 169646 libs standard libisc50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 3d699518f67690cf485dd4241a629f9c 49330 libs standard liblwres50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 7f17381efb9d2d100344fe6807a61524 30036 libs standard libisccc50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb 3c13c986913c37c936d84bc63676d320 52196 libs standard libisccfg50_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb b47a7e0e4fdbfa695ab69c466eb0cec9 157740 net standard dnsutils_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb a733770352f9264883cbcc59e15567c0 227368 net optional lwresd_9.6.ESV.R2+dfsg-0+lenny1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJM1xihAAoJEL97/wQC1SS+idcH/i+sWu2KH6f9fbHOA46k/gm8 MCUs54yDTMJ+A7Iq1xQDK+oiVXPMrH3AnKOJPrsJ2CQSGL4JO7OrlYfcrAoCjnWo kOCYzDR8LYXhd7YJy+glOH9NzL44BDlK5Nb1Dh3SLvcpbSgbJ8N2fSJiqXyItPKe 5ojcVefZuFXM5ExuBL0g1/wle0yW0Hm8vZxGoRtVPq47fPzjYlSqxlauPqX++QsW 8EQdMdVpzTfuiF2V2I5avKGo3tvrmTTtixUEkRsOabV46jMkN9UKEHPIkqc0CpWU As7RDJvtOUwK6INqP6d5FO1S96r9wtB0xxjPEt8p3OaF6xuhptqDyDkX7To7qGo= =sGmi -----END PGP SIGNATURE-----