1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
CVE-2015-1349 bind: issue in trust anchor management can cause named to crash
commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
Author: Evan Hunt <each@isc.org>
Date: Tue Feb 3 18:30:38 2015 -0800
[v9_9_6_patch] avoid crash due to managed-key rollover
4053. [security] Revoking a managed trust anchor and supplying
an untrusted replacement could cause named
to crash with an assertion failure.
(CVE-2015-1349) [RT #38344]
Upstream Status: Backport from Redhat
https://bugzilla.redhat.com/attachment.cgi?id=993045
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: bind-9.9.5/CHANGES
===================================================================
--- bind-9.9.5.orig/CHANGES
+++ bind-9.9.5/CHANGES
@@ -1,3 +1,10 @@
+ --- 9.9.6-P2 released ---
+
+4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+ (CVE-2015-1349) [RT #38344]
+
--- 9.9.5 released ---
--- 9.9.5rc2 released ---
Index: bind-9.9.5/lib/dns/zone.c
===================================================================
--- bind-9.9.5.orig/lib/dns/zone.c
+++ bind-9.9.5/lib/dns/zone.c
@@ -8496,6 +8496,12 @@ keyfetch_done(isc_task_t *task, isc_even
namebuf, tag);
trustkey = ISC_TRUE;
}
+ } else {
+ /*
+ * No previously known key, and the key is not
+ * secure, so skip it.
+ */
+ continue;
}
/* Delete old version */
@@ -8544,7 +8550,7 @@ keyfetch_done(isc_task_t *task, isc_even
trust_key(zone, keyname, &dnskey, mctx);
}
- if (!deletekey)
+ if (secure && !deletekey)
set_refreshkeytimer(zone, &keydata, now);
}
|