| 2022-11-22 13:15:25 |
Maxxer |
bug |
|
|
added bug |
| 2022-11-23 15:49:24 |
Sergio Durigan Junior |
bind9 (Ubuntu): status |
New |
Incomplete |
|
| 2022-11-23 15:49:33 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Sergio Durigan Junior |
| 2022-11-24 16:33:48 |
John Edwards |
bug |
|
|
added subscriber John Edwards |
| 2022-11-24 16:35:53 |
John Edwards |
bind9 (Ubuntu): status |
Incomplete |
New |
|
| 2022-11-25 13:48:51 |
Launchpad Janitor |
bind9 (Ubuntu): status |
New |
Confirmed |
|
| 2022-11-30 06:51:04 |
Emilian Mitocariu |
bug |
|
|
added subscriber Emilian Mitocariu |
| 2022-12-08 19:59:45 |
Benjamin Guebert |
bug |
|
|
added subscriber Benjamin Guebert |
| 2023-01-04 03:44:45 |
Sergio Durigan Junior |
bind9 (Ubuntu): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2023-01-04 03:44:55 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Jammy |
|
| 2023-01-04 03:44:55 |
Sergio Durigan Junior |
bug task added |
|
bind9 (Ubuntu Jammy) |
|
| 2023-01-04 03:45:08 |
Sergio Durigan Junior |
bug task deleted |
bind9 (Ubuntu Jammy) |
|
|
| 2023-01-04 03:45:39 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Focal |
|
| 2023-01-04 03:45:39 |
Sergio Durigan Junior |
bug task added |
|
bind9 (Ubuntu Focal) |
|
| 2023-01-04 03:45:48 |
Sergio Durigan Junior |
bind9 (Ubuntu Focal): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2023-01-04 03:45:58 |
Sergio Durigan Junior |
bind9 (Ubuntu Focal): status |
New |
Confirmed |
|
| 2023-01-04 03:46:05 |
Sergio Durigan Junior |
bind9 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2023-01-04 03:46:42 |
Sergio Durigan Junior |
tags |
amd64 apport-bug focal |
amd64 apport-bug focal server-todo |
|
| 2023-01-04 03:46:52 |
Sergio Durigan Junior |
bind9 (Ubuntu Focal): importance |
Undecided |
High |
|
| 2023-01-04 16:20:16 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Ubuntu Server |
| 2023-01-04 19:00:41 |
Sergio Durigan Junior |
summary |
isc-worker0003 segfault at 8 ip 00007f2361995166 sp 00007f235b2da530 error 4 in libisc. so.1601.0.0[7f2361973000+46000] |
bind9 segfaults on certain stressful scenarios |
|
| 2023-01-04 19:00:53 |
Sergio Durigan Junior |
bug task added |
|
bind |
|
| 2023-01-04 19:01:14 |
Sergio Durigan Junior |
bug task deleted |
bind |
|
|
| 2023-01-04 19:01:46 |
Sergio Durigan Junior |
bug watch added |
|
https://gitlab.isc.org/isc-projects/bind9/-/issues/1956 |
|
| 2023-01-04 19:07:22 |
Sergio Durigan Junior |
description |
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (tipically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
TBD.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
|
| 2023-01-04 19:10:17 |
Sergio Durigan Junior |
description |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (tipically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
TBD.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send. This happens because isc__nm_tcpdns_send is not asynchronous and accessed socket internal fields in an unsafe manner, leading to race conditions and the subsequent crash.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (tipically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
TBD.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
|
| 2023-01-04 20:43:32 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/bind9/+git/bind9/+merge/435153 |
|
| 2023-01-04 20:59:21 |
Sergio Durigan Junior |
description |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send. This happens because isc__nm_tcpdns_send is not asynchronous and accessed socket internal fields in an unsafe manner, leading to race conditions and the subsequent crash.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (tipically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
TBD.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send. This happens because isc__nm_tcpdns_send is not asynchronous and accessed socket internal fields in an unsafe manner, leading to race conditions and the subsequent crash.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (tipically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
The backported patch is not entirely trivial, although it is well contained within the tcpdns code. The intention is to split tcpdns into a new, asynchronous thread which will ultimately make accessing internal socket fields safe. As is common with general code overhauls, this one also introduces a chance for some bad interaction between tcpdns and its users.
[ Other Info ]
The positive side here is that this code has been incorporated into bind9 upstream 2 years ago, and there have been no regressions reported against it to the best of my knowledge. On top of that, at least 3 community members have extensively tested a PPA with this backport and all of them reported back saying that the issue has been fixed.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
|
| 2023-01-19 20:58:59 |
Sergio Durigan Junior |
bind9 (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2023-01-19 20:59:40 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2023-01-19 21:07:01 |
Sergio Durigan Junior |
description |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send. This happens because isc__nm_tcpdns_send is not asynchronous and accessed socket internal fields in an unsafe manner, leading to race conditions and the subsequent crash.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (tipically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
The backported patch is not entirely trivial, although it is well contained within the tcpdns code. The intention is to split tcpdns into a new, asynchronous thread which will ultimately make accessing internal socket fields safe. As is common with general code overhauls, this one also introduces a chance for some bad interaction between tcpdns and its users.
[ Other Info ]
The positive side here is that this code has been incorporated into bind9 upstream 2 years ago, and there have been no regressions reported against it to the best of my knowledge. On top of that, at least 3 community members have extensively tested a PPA with this backport and all of them reported back saying that the issue has been fixed.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
[ Impact ]
On certain scenarios where bind9's resolver is put under stress, a segmentation fault can happen on isc__nm_tcpdns_send/isc__nm_tcp_send. This happens because isc__nm_tcpdns_send is not asynchronous and accessed socket internal fields in an unsafe manner, leading to race conditions and the subsequent crash.
[ Test Plan ]
Unfortunately, after several attempts I wasn't able to reproduce the issue in a reliable manner. For that reason, I have been relying on the community to perform tests and determine the right fix for the issue. Some members of the community have deployments where the segmentation fault occurs after some time (typically less than 1 month). Therefore, the test plan for this bug will involve asking these kind community members to help us by installing the bind9 package from focal-proposed and leave it running for some time. The expectation here is that the segmentation fault will not manifest with the new package.
[ Where problems could occur ]
The backported patch is not entirely trivial, although it is well contained within the tcpdns code. The intention is to split tcpdns into a new, asynchronous thread which will ultimately make accessing internal socket fields safe. As is common with general code overhauls, this one also introduces a chance for some bad interaction between tcpdns and its users.
[ Other Info ]
The positive side here is that this code has been incorporated into bind9 upstream 2 years ago, and there have been no regressions reported against it to the best of my knowledge. On top of that, at least 3 community members have extensively tested a PPA with this backport and all of them reported back saying that the issue has been fixed.
It's also important to note that this backport addresses solely the bug experienced by the community users. During the review of the MP to fix the bug, Andreas found another patch that looked like it should be backported as well, but we were not sure. I raised this with upstream here:
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3721#note_345081
and, as can be seen, their reply was not very encouraging. Having in mind that (a) the backport in question does solve the problems experienced by the community, (b) we have been actively working to get an MRE for bind9 on Jammy and Focal, (c) when the MRE is in place we will be able to update bind9 and get the latest code that fixes this and many other issues, and (d) it'd be very risky and somewhat unfeasible to backport all of the related fixes pointed by upstream, I decided to move forward with this SRU as is.
[ Original Description ]
The server acts as Samba AD DC
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: bind9 1:9.16.1-0ubuntu2.11
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
Date: Tue Nov 22 14:05:57 2022
RelatedPackageVersions:
bind9utils N/A
apparmor 2.13.3-7ubuntu5.1
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf.local: 2022-07-19T06:39:58.037514
mtime.conffile..etc.bind.named.conf.options: 2022-08-12T09:04:29.109483
mtime.conffile..etc.default.named: 2022-07-15T15:04:10.495478 |
|
| 2023-01-25 19:11:14 |
John Edwards |
cve linked |
|
2022-3094 |
|
| 2023-03-02 19:42:12 |
Andreas Hasenack |
bind9 (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2023-03-02 19:42:14 |
Andreas Hasenack |
bug |
|
|
added subscriber SRU Verification |
| 2023-03-02 19:42:21 |
Andreas Hasenack |
tags |
amd64 apport-bug focal server-todo |
amd64 apport-bug focal server-todo verification-needed verification-needed-focal |
|
| 2023-03-22 12:25:01 |
Sergio Durigan Junior |
tags |
amd64 apport-bug focal server-todo verification-needed verification-needed-focal |
amd64 apport-bug focal server-todo verification-done verification-done-focal |
|
| 2023-03-23 14:54:44 |
Launchpad Janitor |
bind9 (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-03-23 14:54:50 |
Andreas Hasenack |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
