UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server

Latest version: 1:9.11.3+dfsg-1ubuntu1.18
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://www.isc.org/downloads/bind/

Links


Download "bind9"


Other versions of "bind9" in Bionic

Repository Area Version
base main 1:9.11.3+dfsg-1ubuntu1
security main 1:9.11.3+dfsg-1ubuntu1.18
proposed main 1:9.11.3+dfsg-1ubuntu1.19

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.11.3+dfsg-1ubuntu1.18 2022-09-21 14:07:22 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.18) bionic-security; urgency=medium

  * SECURITY UPDATE: Processing large delegations may severely degrade
    resolver performance
    - debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
    - CVE-2022-2795
  * SECURITY UPDATE: memory leak in ECDSA DNSSEC verification code
    - debian/patches/CVE-2022-38177.patch: fix return handling in
      lib/dns/opensslecdsa_link.c.
    - CVE-2022-38177
  * SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
    - debian/patches/CVE-2022-38178.patch: fix return handling in
      lib/dns/openssleddsa_link.c.
    - CVE-2022-38178

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 08:11:06 -0400

Source diff to previous version
CVE-2022-2795 Processing large delegations may severely degrade resolver performance
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code

Version: 1:9.11.3+dfsg-1ubuntu1.17 2022-03-17 14:06:39 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.17) bionic-security; urgency=medium

  * SECURITY UPDATE: cache poisoning via bogus NS records
    - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
      records into the cache in lib/dns/resolver.c.
    - CVE-2021-25220

 -- Marc Deslauriers <email address hidden> Tue, 15 Mar 2022 10:14:01 -0400

Source diff to previous version
CVE-2021-25220 DNS forwarders - cache poisoning vulnerability

Version: 1:9.11.3+dfsg-1ubuntu1.16 2021-10-28 12:06:20 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.16) bionic-security; urgency=medium

  * SECURITY UPDATE: resolver performance degradation via lame cache abuse
    - debian/patches/CVE-2021-25219.patch: disable lame cache in
      bin/named/config.c, bin/named/server.c, lib/dns/resolver.c.
    - CVE-2021-25219

 -- Marc Deslauriers <email address hidden> Wed, 27 Oct 2021 07:02:44 -0400

Source diff to previous version
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...

Version: 1:9.11.3+dfsg-1ubuntu1.15 2021-04-29 14:06:25 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.15) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
    - debian/patches/CVE-2021-25214.patch: immediately reject the entire
      transfer for certain RR in lib/dns/xfrin.c.
    - CVE-2021-25214
  * SECURITY UPDATE: assert via answering certain queries for DNAME records
    - debian/patches/CVE-2021-25215.patch: fix assert checks in
      lib/ns/query.c.
    - CVE-2021-25215
  * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
    - debian/rules: build with --disable-isc-spnego to disable internal
      SPNEGO and use the one from the kerberos libraries.
    - debian/libdns1100.symbols: removed internal SPNEGO symbols.
    - CVE-2021-25216

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 07:16:20 -0400

Source diff to previous version
CVE-2021-25214 In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...
CVE-2021-25215 In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...
CVE-2021-25216 In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...

Version: 1:9.11.3+dfsg-1ubuntu1.14 2021-02-18 15:06:20 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.14) bionic-security; urgency=medium

  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - debian/patches/CVE-2020-8625.patch: properly calculate length in
      lib/dns/spnego.c.
    - CVE-2020-8625

 -- Marc Deslauriers <email address hidden> Mon, 15 Feb 2021 08:08:25 -0500

CVE-2020-8625 BIND servers are vulnerable if they are running an affected version an ...



About   -   Send Feedback to @ubuntu_updates