UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package
  • Lightweight Resolver Daemon

Latest version: 1:9.8.1.dfsg.P1-4ubuntu0.22
Release: precise (12.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "bind9": https://www.ubuntuupdates.org/bind9



Other versions of "bind9" in Precise

Repository Area Version
base universe 1:9.8.1.dfsg.P1-4
base main 1:9.8.1.dfsg.P1-4
security main 1:9.8.1.dfsg.P1-4ubuntu0.22
updates main 1:9.8.1.dfsg.P1-4ubuntu0.22
updates universe 1:9.8.1.dfsg.P1-4ubuntu0.22

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.8.1.dfsg.P1-4ubuntu0.22 2017-04-17 18:07:10 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.22) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - CVE-2017-3138

 -- Steve Beattie <email address hidden> Thu, 13 Apr 2017 00:02:24 -0700

Source diff to previous version
CVE-2017-3136 An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137 A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138 named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

Version: 1:9.8.1.dfsg.P1-4ubuntu0.21 2017-02-16 19:06:46 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.21) precise-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 10:36:42 -0500

Source diff to previous version
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.8.1.dfsg.P1-4ubuntu0.20 2017-01-12 13:07:00 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.20) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Mon, 09 Jan 2017 10:47:06 -0500

Source diff to previous version
CVE-2016-9131 A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147 An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.8.1.dfsg.P1-4ubuntu0.19 2016-11-01 21:06:23 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.19) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 09:00:00 -0400

Source diff to previous version
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.8.1.dfsg.P1-4ubuntu0.18 2016-10-21 07:06:41 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.18) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed options
    - Backported upstream commit 4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
    - CVE-2016-2848

 -- Marc Deslauriers <email address hidden> Mon, 17 Oct 2016 14:39:54 +0200

CVE-2016-2848 A packet with malformed options can trigger an assertion failure



About   -   Send Feedback to @ubuntu_updates