Package "bind9-utils"
Name: |
bind9-utils
|
Description: |
Utilities for BIND 9
|
Latest version: |
1:9.18.30-0ubuntu0.22.04.2 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
main |
Head package: |
bind9 |
Homepage: |
https://www.isc.org/downloads/bind/ |
Links
Download "bind9-utils"
Other versions of "bind9-utils" in Jammy
Changelog
bind9 (1:9.18.30-0ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Many records in the additional section cause CPU
exhaustion
- debian/patches/CVE-2024-11187.patch: limit the additional processing
for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,
lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,
lib/ns/query.c.
- CVE-2024-11187
* SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple
issues under heavy query load
- debian/patches/CVE-2024-12705.patch: fix flooding issues in
lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,
lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,
lib/isc/netmgr/tlsstream.c.
- CVE-2024-12705
-- Marc Deslauriers <email address hidden> Tue, 28 Jan 2025 09:30:35 -0500
|
Source diff to previous version |
CVE-2024-11187 |
Many records in the additional section cause CPU exhaustion |
CVE-2024-12705 |
DNS-over-HTTPS implementation suffers from multiple issues under heavy query load |
|
bind9 (1:9.18.28-0ubuntu0.22.04.1) jammy-security; urgency=medium
* Updated to 9.18.28 to fix multiple security issues.
- CVE-2024-0760: A flood of DNS messages over TCP may make the server
unstable
- CVE-2024-1737: BIND's database will be slow if a very large number of
RRs exist at the same name
- CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
- CVE-2024-4076: Assertion failure when serving both stale cache data
and authoritative zone content
-- Marc Deslauriers <email address hidden> Tue, 16 Jul 2024 14:16:20 -0400
|
Source diff to previous version |
bind9 (1:9.18.18-0ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/0001-CVE-2023-4408.patch: Parsing large DNS messages
may cause excessive CPU load.
- debian/patches/0002-CVE-2023-5517.patch: Querying RFC 1918 reverse
zones may cause an assertion failure when nxdomain-redirect is
enabled.
- debian/patches/0003-CVE-2023-5679.patch: Enabling both DNS64 and
serve-stale may cause an assertion failure during recursive
resolution.
- debian/patches/0004-CVE-2023-50387-CVE-2023-50868.patch: Extreme CPU
consumption in DNSSEC validator and Preparing an NSEC3 closest
encloser proof can exhaust CPU resources.
- CVE-2023-4408
- CVE-2023-5517
- CVE-2023-5679
- CVE-2023-50387
- CVE-2023-50868
-- Marc Deslauriers <email address hidden> Mon, 12 Feb 2024 14:29:56 -0500
|
Source diff to previous version |
bind9 (1:9.18.12-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via recusive packet parsing
- debian/patches/CVE-2023-3341.patch: add a max depth check to
lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
- CVE-2023-3341
* SECURITY UPDATE: Dos via DNS-over-TLS queries
- debian/patches/CVE-2023-4236.patch: check return code in
lib/isc/netmgr/tlsdns.c.
- CVE-2023-4236
-- Marc Deslauriers <email address hidden> Tue, 19 Sep 2023 07:21:46 -0400
|
Source diff to previous version |
CVE-2023-3341 |
A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly |
CVE-2023-4236 |
named may terminate unexpectedly under high DNS-over-TLS query load |
|
bind9 (1:9.18.12-0ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Configured cache size limit can be significantly
exceeded
- debian/patches/CVE-2023-2828.patch: fix cache expiry in
lib/dns/rbtdb.c.
- CVE-2023-2828
* SECURITY UPDATE: Exceeding the recursive-clients quota may cause named
to terminate unexpectedly when stale-answer-client-timeout is set to 0
- debian/patches/CVE-2023-2911.patch: fix refreshing queries in
lib/ns/query.c.
- CVE-2023-2911
-- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:29:34 -0400
|
CVE-2023-2828 |
named's configured cache size limit can be significantly exceeded |
CVE-2023-2911 |
Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 |
|
About
-
Send Feedback to @ubuntu_updates