UbuntuUpdates.org

Package "bind9-dnsutils"

Name: bind9-dnsutils

Description:

Clients provided with BIND 9

Latest version: 1:9.16.1-0ubuntu2.11
Release: focal (20.04)
Level: security
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Links


Download "bind9-dnsutils"


Other versions of "bind9-dnsutils" in Focal

Repository Area Version
base main 1:9.16.1-0ubuntu2
updates main 1:9.16.1-0ubuntu2.11

Changelog

Version: 1:9.16.1-0ubuntu2.11 2022-09-21 14:07:24 UTC

  bind9 (1:9.16.1-0ubuntu2.11) focal-security; urgency=medium

  * SECURITY UPDATE: Processing large delegations may severely degrade
    resolver performance
    - debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
    - CVE-2022-2795
  * SECURITY UPDATE: memory leak in ECDSA DNSSEC verification code
    - debian/patches/CVE-2022-38177.patch: fix return handling in
      lib/dns/opensslecdsa_link.c.
    - CVE-2022-38177
  * SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
    - debian/patches/CVE-2022-38178.patch: fix return handling in
      lib/dns/openssleddsa_link.c.
    - CVE-2022-38178

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 08:05:01 -0400

Source diff to previous version
CVE-2022-2795 Processing large delegations may severely degrade resolver performance
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code

Version: 1:9.16.1-0ubuntu2.10 2022-03-17 14:06:43 UTC

  bind9 (1:9.16.1-0ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: cache poisoning via bogus NS records
    - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
      records into the cache in lib/dns/resolver.c.
    - CVE-2021-25220

 -- Marc Deslauriers <email address hidden> Tue, 15 Mar 2022 10:11:35 -0400

Source diff to previous version
CVE-2021-25220 DNS forwarders - cache poisoning vulnerability

Version: 1:9.16.1-0ubuntu2.9 2021-10-28 12:06:21 UTC

  bind9 (1:9.16.1-0ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: resolver performance degradation via lame cache abuse
    - debian/patches/CVE-2021-25219.patch: disable lame cache in
      bin/named/config.c, bin/named/server.c, lib/dns/resolver.c.
    - CVE-2021-25219

 -- Marc Deslauriers <email address hidden> Wed, 27 Oct 2021 07:00:32 -0400

Source diff to previous version
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...

Version: 1:9.16.1-0ubuntu2.8 2021-04-29 13:06:27 UTC

  bind9 (1:9.16.1-0ubuntu2.8) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
    - debian/patches/CVE-2021-25214.patch: immediately reject the entire
      transfer for certain RR in lib/dns/xfrin.c.
    - CVE-2021-25214
  * SECURITY UPDATE: assert via answering certain queries for DNAME records
    - debian/patches/CVE-2021-25215.patch: fix assert checks in
      lib/ns/query.c.
    - CVE-2021-25215
  * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
    - debian/rules: build with --disable-isc-spnego to disable internal
      SPNEGO and use the one from the kerberos libraries.
    - CVE-2021-25216

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 07:15:23 -0400

Source diff to previous version
CVE-2021-25214 In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...
CVE-2021-25215 In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...
CVE-2021-25216 In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...

Version: 1:9.16.1-0ubuntu2.6 2021-02-18 14:06:22 UTC

  bind9 (1:9.16.1-0ubuntu2.6) focal-security; urgency=medium

  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - debian/patches/CVE-2020-8625.patch: properly calculate length in
      lib/dns/spnego.c.
    - CVE-2020-8625
  * This update does _not_ contain the changes from 1:9.16.1-0ubuntu2.5 in
    focal-proposed.

 -- Marc Deslauriers <email address hidden> Tue, 16 Feb 2021 15:08:33 -0500

CVE-2020-8625 BIND servers are vulnerable if they are running an affected version an ...



About   -   Send Feedback to @ubuntu_updates