UbuntuUpdates.org

Package "bind9utils"

Name: bind9utils

Description:

Transitional package for bind9-utils
Latest version: 1:9.18.12-1ubuntu1.2
Release: lunar (23.04)
Level: security
Repository: universe
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bind9utils"

All arch deb package
APT INSTALL

Other versions of "bind9utils" in Lunar

Repository Area Version
base universe 1:9.18.12-1ubuntu1
updates universe 1:9.18.18-0ubuntu0.23.04.1

Changelog

Version: 1:9.18.12-1ubuntu1.2 2023-09-20 16:08:43 UTC

  bind9 (1:9.18.12-1ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: DoS via recusive packet parsing
    - debian/patches/CVE-2023-3341.patch: add a max depth check to
      lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
    - CVE-2023-3341
  * SECURITY UPDATE: Dos via DNS-over-TLS queries
    - debian/patches/CVE-2023-4236.patch: check return code in
      lib/isc/netmgr/tlsdns.c.
    - CVE-2023-4236

 -- Marc Deslauriers <email address hidden> Tue, 19 Sep 2023 07:18:28 -0400
Source diff to previous version
CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
CVE-2023-4236 named may terminate unexpectedly under high DNS-over-TLS query load

Version: 1:9.18.12-1ubuntu1.1 2023-06-21 19:07:09 UTC

  bind9 (1:9.18.12-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: Configured cache size limit can be significantly
    exceeded
    - debian/patches/CVE-2023-2828.patch: fix cache expiry in
      lib/dns/rbtdb.c.
    - CVE-2023-2828
  * SECURITY UPDATE: Exceeding the recursive-clients quota may cause named
    to terminate unexpectedly when stale-answer-client-timeout is set to 0
    - debian/patches/CVE-2023-2911.patch: fix refreshing queries in
      lib/ns/query.c.
    - CVE-2023-2911

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:24:50 -0400
CVE-2023-2828 named's configured cache size limit can be significantly exceeded
CVE-2023-2911 Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0


About   -   Send Feedback to @ubuntu_updates