UbuntuUpdates.org

Package "bind9-utils"

Name: bind9-utils

Description:

Utilities for BIND 9

Latest version: 1:9.16.48-0ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Other versions of "bind9-utils" in Focal

Repository   Area   Version
base         main   1:9.16.1-0ubuntu2
updates      main   1:9.16.48-0ubuntu0.20.04.1

Changelog

Version: 1:9.16.48-0ubuntu0.20.04.1 2024-02-19 16:06:54 UTC

  bind9 (1:9.16.48-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 9.16.48 to fix multiple security issues.
    - Please see the following for a list of changes, including possibly
      incompatible ones:
      https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html
    - CVE-2023-4408
    - CVE-2023-5517
    - CVE-2023-6516
    - CVE-2023-50387
    - CVE-2023-50868
  * Packaging changes required for 9.16.48:
    - Dropped patches no longer required with 9.16.48:
      + CVE-*.patch
      + fix-rebinding-protection.patch,
      + 0003-Print-diagnostics-on-dns_name_issubdomain-failure-in.patch
      + lp-1909950-fix-race-between-deactivating-handle-async-callback.patch
      + lp1997375-segfault-isc-nm-tcp-send.patch
    - Synced other patches with Debian's 1:9.16.48-1 package
    - debian/*.install, debian/*.links: updated with new files in 9.16.48.
    - debian/rules, debian/not-installed: don't delete old -dev files, just
      don't install them.
    - debian/control, debian/rules: switch packages required to build
      documentation.

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 07:49:14 -0500

CVE-2023-4408 The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS
CVE-2023-5517 A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured,
CVE-2023-6516 To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods
CVE-2023-50387 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU
CVE-2023-50868 The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of se

Version: 1:9.16.1-0ubuntu2.16 2023-09-20 16:08:29 UTC

  bind9 (1:9.16.1-0ubuntu2.16) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via recursive packet parsing
    - debian/patches/CVE-2023-3341.patch: add a max depth check to
      lib/isccc/include/isccc/result.h, lib/isccc/result.c, lib/isccc/cc.c.
    - CVE-2023-3341

 -- Marc Deslauriers <email address hidden> Tue, 19 Sep 2023 07:22:19 -0400

CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

Version: 1:9.16.1-0ubuntu2.15 2023-06-21 19:07:01 UTC

  bind9 (1:9.16.1-0ubuntu2.15) focal-security; urgency=medium

  * SECURITY UPDATE: Configured cache size limit can be significantly
    exceeded
    - debian/patches/CVE-2023-2828.patch: fix cache expiry in
      lib/dns/rbtdb.c.
    - CVE-2023-2828

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:38:29 -0400

CVE-2023-2828 named's configured cache size limit can be significantly exceeded

Version: 1:9.16.1-0ubuntu2.12 2023-01-25 19:06:54 UTC

  bind9 (1:9.16.1-0ubuntu2.12) focal-security; urgency=medium

  * SECURITY UPDATE: An UPDATE message flood may cause named to exhaust all
    available memory
    - debian/patches/CVE-2022-3094.patch: add counter in
      bin/named/bind9.xsl, bin/named/statschannel.c,
      lib/ns/include/ns/server.h, lib/ns/include/ns/stats.h,
      lib/ns/server.c, lib/ns/update.c.
    - CVE-2022-3094

 -- Marc Deslauriers <email address hidden> Tue, 24 Jan 2023 08:30:54 -0500


Version: 1:9.16.1-0ubuntu2.11 2022-09-21 14:07:24 UTC

  bind9 (1:9.16.1-0ubuntu2.11) focal-security; urgency=medium

  * SECURITY UPDATE: Processing large delegations may severely degrade
    resolver performance
    - debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
    - CVE-2022-2795
  * SECURITY UPDATE: memory leak in ECDSA DNSSEC verification code
    - debian/patches/CVE-2022-38177.patch: fix return handling in
      lib/dns/opensslecdsa_link.c.
    - CVE-2022-38177
  * SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
    - debian/patches/CVE-2022-38178.patch: fix return handling in
      lib/dns/openssleddsa_link.c.
    - CVE-2022-38178

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 08:05:01 -0400

CVE-2022-2795 Processing large delegations may severely degrade resolver performance
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code
