Bug 928027 (CVE-2013-2266)
| Summary: | CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | atkac, kmoriwak, njh, thozza, tis, tkubota, yohmura |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-03-28 22:07:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 928032, 928271, 928272, 928273, 928274 | | |
| Bug Blocks: | 928028 | | |
Description
Jan Lieskovsky
2013-03-26 17:51:33 UTC
Created bind tracking bugs for this issue

Affects: fedora-all [bug 928032]

*** Bug 928011 has been marked as a duplicate of this bug. ***

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:0690 https://rhn.redhat.com/errata/RHSA-2013-0690.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0689 https://rhn.redhat.com/errata/RHSA-2013-0689.html

Is there a URL to a set of diffs for this fix?

(In reply to comment #18)
> Is there a URL to a set of diffs for this fix?

You can simply diff bind-9.8.4-P1 and bind-9.8.4-P2 upstream releases. This is the patch (please note that I stripped regeneration of configure script and some comments):

diff -urp bind-9.8.4-P1/config.h.in bind-9.8.4-P2/config.h.in --- bind-9.8.4-P1/config.h.in 2012-10-26 06:52:55.000000000 +0200 +++ bind-9.8.4-P2/config.h.in 2013-03-06 17:57:05.000000000 +0100 @@ -286,9 +286,6 @@ int sigwait(const unsigned int *set, int /* Define if your OpenSSL version supports GOST. */ #undef HAVE_OPENSSL_GOST -/* Define to 1 if you have the <regex.h> header file. */ -#undef HAVE_REGEX_H - /* Define to 1 if you have the `setegid' function. */ #undef HAVE_SETEGID diff -urp bind-9.8.4-P1/configure.in bind-9.8.4-P2/configure.in --- bind-9.8.4-P1/configure.in 2012-10-26 06:52:55.000000000 +0200 +++ bind-9.8.4-P2/configure.in 2013-03-06 17:57:05.000000000 +0100
@@ -298,7 +298,7 @@ esac AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, +AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, [$ac_includes_default #ifdef HAVE_SYS_PARAM_H # include <sys/param.h>

External References:

https://kb.isc.org/article/AA-00871
https://kb.isc.org/article/AA-00879

Statement:

This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue was corrected in bind97 packages in Red Hat Enterprise Linux 5 and bind packages in Red Hat Enterprise Linux 6.

bind-9.9.2-10.P2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

bind-9.9.2-7.P2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
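Review bot: the configure.in hunk (`@@ -298,7 +298,7 @@`) drops `regex.h` from `AC_CHECK_HEADERS`, but as the comment says the regenerated configure script was stripped from this patch, so anyone applying it to a 9.8.4-P1 tree must rerun autoconf (and autoheader for the matching config.h.in hunk) or the build will keep detecting regex.h and defining `HAVE_REGEX_H`, leaving whatever code is guarded by that macro compiled in exactly as before. Since the hunks shown only remove the detection and not the code that depends on it, a one-line note naming the source files that test `HAVE_REGEX_H` would make the intended effect of the change verifiable from the patch alone.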