UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server

Latest version: 1:9.16.48-0ubuntu0.20.04.1
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.isc.org/downloads/bind/

Links


Download "bind9"


Other versions of "bind9" in Focal

Repository Area Version
base main 1:9.16.1-0ubuntu2
base universe 1:9.16.1-0ubuntu2
security main 1:9.16.48-0ubuntu0.20.04.1
security universe 1:9.16.48-0ubuntu0.20.04.1
updates universe 1:9.16.48-0ubuntu0.20.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.16.1-0ubuntu2.11 2022-09-21 14:07:26 UTC

  bind9 (1:9.16.1-0ubuntu2.11) focal-security; urgency=medium

  * SECURITY UPDATE: Processing large delegations may severely degrade
    resolver performance
    - debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
    - CVE-2022-2795
  * SECURITY UPDATE: memory leak in ECDSA DNSSEC verification code
    - debian/patches/CVE-2022-38177.patch: fix return handling in
      lib/dns/opensslecdsa_link.c.
    - CVE-2022-38177
  * SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
    - debian/patches/CVE-2022-38178.patch: fix return handling in
      lib/dns/openssleddsa_link.c.
    - CVE-2022-38178

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 08:05:01 -0400

Source diff to previous version
CVE-2022-2795 Processing large delegations may severely degrade resolver performance
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code

Version: 1:9.16.1-0ubuntu2.10 2022-03-17 14:06:46 UTC

  bind9 (1:9.16.1-0ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: cache poisoning via bogus NS records
    - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
      records into the cache in lib/dns/resolver.c.
    - CVE-2021-25220

 -- Marc Deslauriers <email address hidden> Tue, 15 Mar 2022 10:11:35 -0400

Source diff to previous version
CVE-2021-25220 DNS forwarders - cache poisoning vulnerability

Version: 1:9.16.1-0ubuntu2.9 2021-10-28 12:06:22 UTC

  bind9 (1:9.16.1-0ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: resolver performance degradation via lame cache abuse
    - debian/patches/CVE-2021-25219.patch: disable lame cache in
      bin/named/config.c, bin/named/server.c, lib/dns/resolver.c.
    - CVE-2021-25219

 -- Marc Deslauriers <email address hidden> Wed, 27 Oct 2021 07:00:32 -0400

Source diff to previous version
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...

Version: 1:9.16.1-0ubuntu2.8 2021-04-29 14:06:27 UTC

  bind9 (1:9.16.1-0ubuntu2.8) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
    - debian/patches/CVE-2021-25214.patch: immediately reject the entire
      transfer for certain RR in lib/dns/xfrin.c.
    - CVE-2021-25214
  * SECURITY UPDATE: assert via answering certain queries for DNAME records
    - debian/patches/CVE-2021-25215.patch: fix assert checks in
      lib/ns/query.c.
    - CVE-2021-25215
  * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
    - debian/rules: build with --disable-isc-spnego to disable internal
      SPNEGO and use the one from the kerberos libraries.
    - CVE-2021-25216

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 07:15:23 -0400

Source diff to previous version
CVE-2021-25214 In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...
CVE-2021-25215 In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...
CVE-2021-25216 In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...

Version: 1:9.16.1-0ubuntu2.7 2021-03-01 13:06:24 UTC

  bind9 (1:9.16.1-0ubuntu2.7) focal; urgency=medium

  * Fix a race between deactivating socket handle and processing
    async callbacks, which can lead to sockets not being closed
    properly, exhausting TCP connection limits. (LP: #1909950)
    - d/p/lp-1909950-fix-race-between-deactivating-handle-async-callback.patch

 -- Matthew Ruffell <email address hidden> Thu, 18 Feb 2021 16:28:44 +1300

1909950 named: TCP connections sometimes never close due to race in socket teardown



About   -   Send Feedback to @ubuntu_updates