Package "bind9-dnsutils"

Name: bind9-dnsutils


Clients provided with BIND 9

Latest version: 1:9.16.1-0ubuntu2.11
Release: focal (20.04)
Level: security
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/


Download "bind9-dnsutils"

Other versions of "bind9-dnsutils" in Focal

Repository Area Version
base main 1:9.16.1-0ubuntu2
updates main 1:9.16.1-0ubuntu2.11


Version: 1:9.16.1-0ubuntu2.3 2020-08-21 14:06:22 UTC

  bind9 (1:9.16.1-0ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: A specially crafted large TCP payload can trigger an
    assertion failure
    - debian/patches/CVE-2020-8620.patch: add extra checks to
      lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/netmgr.c,
      lib/isc/netmgr/tcp.c, lib/isc/netmgr/udp.c.
    - CVE-2020-8620
  * SECURITY UPDATE: Attempting QNAME minimization after forwarding can
    lead to an assertion failure
    - debian/patches/CVE-2020-8621.patch: disable QNAME minimization in
    - CVE-2020-8621
  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622
  * SECURITY UPDATE: A flaw in native PKCS#11 code can lead to a remotely
    triggerable assertion failure
    - debian/patches/CVE-2020-8623.patch: add extra checks in
      lib/dns/pkcs11rsa_link.c, lib/isc/include/pk11/internal.h,
    - CVE-2020-8623
  * SECURITY UPDATE: update-policy rules of type subdomain were enforced
    - debian/patches/CVE-2020-8624.patch: add extra check in
    - CVE-2020-8624

 -- Marc Deslauriers <email address hidden> Tue, 18 Aug 2020 07:38:53 -0400

Source diff to previous version

Version: 1:9.16.1-0ubuntu2.2 2020-06-17 23:07:11 UTC

  bind9 (1:9.16.1-0ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: assertion when attempting to fill oversized TCP buffer
    - debian/patches/CVE-2020-8618.patch: add fix to lib/ns/client.c,
      lib/ns/include/ns/client.h, lib/ns/xfrout.c.
    - CVE-2020-8618
  * SECURITY UPDATE: INSIST failure when a zone with an interior wildcard
    label was queried in a certain pattern
    - debian/patches/CVE-2020-8619.patch: add fix to lib/dns/rbtdb.c.
    - CVE-2020-8619

 -- Marc Deslauriers <email address hidden> Tue, 16 Jun 2020 09:29:41 -0400

Source diff to previous version
CVE-2020-8618 RESERVED
CVE-2020-8619 RESERVED

Version: 1:9.16.1-0ubuntu2.1 2020-05-19 13:06:36 UTC

  bind9 (1:9.16.1-0ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - debian/patches/CVE-2020-8616.patch: further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

 -- Marc Deslauriers <email address hidden> Fri, 15 May 2020 08:03:11 -0400

About   -   Send Feedback to @ubuntu_updates