UbuntuUpdates.org

Package "dnsutils"

Name: dnsutils

Description:

Clients provided with BIND

Latest version: 1:9.11.3+dfsg-1ubuntu1.13
Release: bionic (18.04)
Level: updates
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Links


Download "dnsutils"


Other versions of "dnsutils" in Bionic

Repository Area Version
base main 1:9.11.3+dfsg-1ubuntu1
security main 1:9.11.3+dfsg-1ubuntu1.13

Changelog

Version: 1:9.11.3+dfsg-1ubuntu1.13 2020-08-21 14:06:20 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.13) bionic-security; urgency=medium

  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622
  * SECURITY UPDATE: A flaw in native PKCS#11 code can lead to a remotely
    triggerable assertion failure
    - debian/patches/CVE-2020-8623.patch: add extra checks in
      lib/dns/pkcs11dh_link.c, lib/dns/pkcs11dsa_link.c,
      lib/dns/pkcs11rsa_link.c, lib/isc/include/pk11/internal.h,
      lib/isc/pk11.c.
    - CVE-2020-8623
  * SECURITY UPDATE: update-policy rules of type subdomain were enforced
    incorrectly
    - debian/patches/CVE-2020-8624.patch: add extra check in
      bin/named/zoneconf.c.
    - CVE-2020-8624

 -- Marc Deslauriers <email address hidden> Tue, 18 Aug 2020 08:08:32 -0400

Source diff to previous version

Version: 1:9.11.3+dfsg-1ubuntu1.12 2020-05-19 14:06:31 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.12) bionic-security; urgency=medium

  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - debian/patches/CVE-2020-8616.patch: further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

 -- Marc Deslauriers <email address hidden> Fri, 15 May 2020 08:17:59 -0400

Source diff to previous version

Version: 1:9.11.3+dfsg-1ubuntu1.11 2019-11-21 16:07:08 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.11) bionic-security; urgency=medium

  * SECURITY UPDATE: TCP Pipelining doesn't limit TCP clients on a single
    connection
    - debian/patches/CVE-2019-6477.patch: limit number of clients in
      bin/named/client.c, bin/named/include/named/client.h.
    - CVE-2019-6477

 -- Marc Deslauriers <email address hidden> Mon, 18 Nov 2019 10:01:47 -0500

Source diff to previous version
CVE-2019-6477 TCP-pipelined queries can bypass tcp-clients limit

Version: 1:9.11.3+dfsg-1ubuntu1.10 2019-11-06 17:06:22 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.10) bionic; urgency=medium

  * d/p/fix-socket-failures-during-name-resolution.patch: fix socket failures
    due to uninitialized memory during name resolution (LP: #1804542)

 -- Lucas Kanashiro <email address hidden> Mon, 30 Sep 2019 15:39:12 -0300

Source diff to previous version
1804542 [SRU] Multiple intermittent socket failures during name resolutions

Version: 1:9.11.3+dfsg-1ubuntu1.9 2019-09-02 11:07:03 UTC

  bind9 (1:9.11.3+dfsg-1ubuntu1.9) bionic; urgency=medium

  * d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
    close to a query timeout (LP: #1797926)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Aug 2019 16:43:40 +0200

1797926 host crashed with SIGABRT in isc_assertion_failed()



About   -   Send Feedback to @ubuntu_updates