UbuntuUpdates.org

Package "lwresd"

Name: lwresd

Description:

Lightweight Resolver Daemon

Latest version: 1:9.8.1.dfsg.P1-4ubuntu0.32
Release: precise (12.04)
Level: security
Repository: universe
Head package: bind9

Links


Download "lwresd"


Other versions of "lwresd" in Precise

Repository Area Version
base universe 1:9.8.1.dfsg.P1-4
updates universe 1:9.8.1.dfsg.P1-4ubuntu0.32

Changelog

Version: 1:9.8.1.dfsg.P1-4ubuntu0.32 2021-05-03 14:07:24 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.32) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - properly calculate length in lib/dns/spnego.c.
    - CVE-2020-8625

 -- Avital Ostromich <email address hidden> Tue, 23 Feb 2021 18:56:07 -0500

Source diff to previous version
CVE-2020-8625 BIND servers are vulnerable if they are running an affected version an ...

Version: 1:9.8.1.dfsg.P1-4ubuntu0.22 2017-04-17 18:07:10 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.22) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - CVE-2017-3138

 -- Steve Beattie <email address hidden> Thu, 13 Apr 2017 00:02:24 -0700

Source diff to previous version
CVE-2017-3136 An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137 A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138 named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

Version: 1:9.8.1.dfsg.P1-4ubuntu0.21 2017-02-16 19:06:46 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.21) precise-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 10:36:42 -0500

Source diff to previous version
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.8.1.dfsg.P1-4ubuntu0.20 2017-01-12 13:07:00 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.20) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Mon, 09 Jan 2017 10:47:06 -0500

Source diff to previous version
CVE-2016-9131 A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147 An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.8.1.dfsg.P1-4ubuntu0.19 2016-11-01 21:06:23 UTC

  bind9 (1:9.8.1.dfsg.P1-4ubuntu0.19) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 09:00:00 -0400

CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure



About   -   Send Feedback to @ubuntu_updates