UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server

Latest version: 1:9.18.18-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.isc.org/downloads/bind/

Links


Download "bind9"


Other versions of "bind9" in Jammy

Repository Area Version
base main 1:9.18.1-1ubuntu1
base universe 1:9.18.1-1ubuntu1
security universe 1:9.18.18-0ubuntu0.22.04.2
updates universe 1:9.18.18-0ubuntu0.22.04.2
updates main 1:9.18.18-0ubuntu0.22.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.18.18-0ubuntu0.22.04.2 2024-02-13 17:07:18 UTC

  bind9 (1:9.18.18-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0001-CVE-2023-4408.patch: Parsing large DNS messages
      may cause excessive CPU load.
    - debian/patches/0002-CVE-2023-5517.patch: Querying RFC 1918 reverse
      zones may cause an assertion failure when nxdomain-redirect is
      enabled.
    - debian/patches/0003-CVE-2023-5679.patch: Enabling both DNS64 and
      serve-stale may cause an assertion failure during recursive
      resolution.
    - debian/patches/0004-CVE-2023-50387-CVE-2023-50868.patch: Extreme CPU
      consumption in DNSSEC validator and Preparing an NSEC3 closest
      encloser proof can exhaust CPU resources.
    - CVE-2023-4408
    - CVE-2023-5517
    - CVE-2023-5679
    - CVE-2023-50387
    - CVE-2023-50868

 -- Marc Deslauriers <email address hidden> Mon, 12 Feb 2024 14:29:56 -0500

Source diff to previous version

Version: 1:9.18.12-0ubuntu0.22.04.3 2023-09-20 16:08:36 UTC

  bind9 (1:9.18.12-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via recusive packet parsing
    - debian/patches/CVE-2023-3341.patch: add a max depth check to
      lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
    - CVE-2023-3341
  * SECURITY UPDATE: Dos via DNS-over-TLS queries
    - debian/patches/CVE-2023-4236.patch: check return code in
      lib/isc/netmgr/tlsdns.c.
    - CVE-2023-4236

 -- Marc Deslauriers <email address hidden> Tue, 19 Sep 2023 07:21:46 -0400

Source diff to previous version
CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
CVE-2023-4236 named may terminate unexpectedly under high DNS-over-TLS query load

Version: 1:9.18.12-0ubuntu0.22.04.2 2023-06-21 19:07:05 UTC

  bind9 (1:9.18.12-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Configured cache size limit can be significantly
    exceeded
    - debian/patches/CVE-2023-2828.patch: fix cache expiry in
      lib/dns/rbtdb.c.
    - CVE-2023-2828
  * SECURITY UPDATE: Exceeding the recursive-clients quota may cause named
    to terminate unexpectedly when stale-answer-client-timeout is set to 0
    - debian/patches/CVE-2023-2911.patch: fix refreshing queries in
      lib/ns/query.c.
    - CVE-2023-2911

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:29:34 -0400

Source diff to previous version
CVE-2023-2828 named's configured cache size limit can be significantly exceeded
CVE-2023-2911 Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

Version: 1:9.18.1-1ubuntu1.3 2023-01-25 20:07:05 UTC

  bind9 (1:9.18.1-1ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: An UPDATE message flood may cause named to exhaust all
    available memory
    - debian/patches/CVE-2022-3094.patch: add counter in
      bin/named/bind9.xsl, bin/named/statschannel.c, doc/arm/reference.rst,
      lib/ns/include/ns/server.h, lib/ns/include/ns/stats.h,
      lib/ns/server.c, lib/ns/update.c.
    - CVE-2022-3094
  * SECURITY UPDATE: named configured to answer from stale cache may
    terminate unexpectedly while processing RRSIG queries
    - debian/patches/CVE-2022-3736.patch: fix logic in lib/ns/query.c.
    - CVE-2022-3736
  * SECURITY UPDATE: named configured to answer from stale cache may
    terminate unexpectedly at recursive-clients soft quota
    - debian/patches/CVE-2022-3924.patch: improve logic in
      lib/dns/resolver.c, lib/ns/query.c.
    - CVE-2022-3924

 -- Marc Deslauriers <email address hidden> Tue, 24 Jan 2023 08:18:53 -0500

Source diff to previous version

Version: 1:9.18.1-1ubuntu1.2 2022-09-21 14:07:29 UTC

  bind9 (1:9.18.1-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Processing large delegations may severely degrade
    resolver performance
    - debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
    - CVE-2022-2795
  * SECURITY UPDATE: Buffer overread in statistics channel code
    - debian/patches/CVE-2022-2881.patch: clear buffer in lib/isc/httpd.c.
    - CVE-2022-2881
  * SECURITY UPDATE: Memory leaks in code handling Diffie-Hellman key
    exchange via TKEY RRs
    - debian/patches/CVE-2022-2906.patch: adjust return code handling in
      lib/dns/openssldh_link.c.
    - CVE-2022-2906
  * SECURITY UPDATE: resolvers configured to answer from cache with zero
    stale-answer-timeout may terminate unexpectedly
    - debian/patches/CVE-2022-3080.patch: refactor stale RRset handling in
      lib/ns/include/ns/query.h, lib/ns/query.c.
    - CVE-2022-3080
  * SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
    - debian/patches/CVE-2022-38178.patch: fix return handling in
      lib/dns/openssleddsa_link.c.
    - CVE-2022-38178

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 07:51:26 -0400

CVE-2022-2795 Processing large delegations may severely degrade resolver performance
CVE-2022-2881 Buffer overread in statistics channel code
CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs
CVE-2022-3080 BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code



About   -   Send Feedback to @ubuntu_updates