Package "bind9-dnsutils"
| Name: |
bind9-dnsutils
|
Description: |
Clients provided with BIND 9
|
| Latest version: |
1:9.20.11-1ubuntu2.2 |
| Release: |
questing (25.10) |
| Level: |
updates |
| Repository: |
main |
| Head package: |
bind9 |
| Homepage: |
https://www.isc.org/downloads/bind/ |
Links
Download "bind9-dnsutils"
Other versions of "bind9-dnsutils" in Questing
Changelog
|
bind9 (1:9.20.11-1ubuntu2.2) questing-security; urgency=medium
* SECURITY UPDATE: Excessive NSEC3 iterations cause high CPU load during
insecure delegation validation
- debian/patches/CVE-2026-1519-1.patch: add reproducers to bin/tests/*.
- debian/patches/CVE-2026-1519-2.patch: check iterations in
isdelegation() in lib/dns/validator.c.
- debian/patches/CVE-2026-1519-3.patch: don't verify already trusted
rdatasets in lib/dns/include/dns/types.h, lib/dns/validator.c.
- debian/patches/CVE-2026-1519-4.patch: combine validator_log and
marksecure in lib/dns/validator.c.
- debian/patches/CVE-2026-1519-5.patch: check RRset trust in
validate_neg_rrset() in lib/dns/validator.c.
- CVE-2026-1519
* SECURITY UPDATE: Memory leak in code preparing DNSSEC proofs of
non-existence
- debian/patches/CVE-2026-3104-1.patch: add tests to bin/tests/*.
- debian/patches/CVE-2026-3104-2.patch: fix memory leak in QPcache
addnoqname/addclosest mechanism in lib/dns/qpcache.c,
lib/dns/rbtdb.c.
- CVE-2026-3104
* SECURITY UPDATE: Authenticated query containing a TKEY record may cause
named to terminate unexpectedly
- debian/patches/CVE-2026-3119-1.patch: add tests to bin/tests/*.
- debian/patches/CVE-2026-3119-2.patch: fix a bug in
dns_tkey_processquery() in lib/dns/tkey.c.
- CVE-2026-3119
* SECURITY UPDATE: A stack use-after-return flaw in SIG(0) handling code
may enable ACL bypass
- debian/patches/CVE-2026-3591-1.patch: add tests to bin/tests/*.
- debian/patches/CVE-2026-3591-2.patch: fix stack Use-After-Return in
SIG(0) handling in bin/named/server.c.
- CVE-2026-3591
-- Marc Deslauriers <email address hidden> Tue, 24 Mar 2026 11:17:07 -0400
|
| Source diff to previous version |
| CVE-2026-1519 |
Excessive NSEC3 iterations cause high CPU load during insecure delegation validation |
| CVE-2026-3104 |
Memory leak in code preparing DNSSEC proofs of non-existence |
| CVE-2026-3119 |
Authenticated query containing a TKEY record may cause named to terminate unexpectedly |
| CVE-2026-3591 |
A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass |
|
|
bind9 (1:9.20.11-1ubuntu2.1) questing-security; urgency=medium
* SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling
- debian/patches/CVE-2025-8677.patch: count invalid keys as validation
failures in lib/dns/validator.c.
- CVE-2025-8677
* SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs
- debian/patches/CVE-2025-40778.patch: no longer accept DNAME records
or extraneous NS records in the AUTHORITY section unless these are
received via spoofing-resistant transport in doc/arm/reference.rst,
lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.
- CVE-2025-40778
* SECURITY UPDATE: Cache poisoning due to weak PRNG
- debian/patches/CVE-2025-40780.patch: change internal random generator
to a cryptographically secure pseudo-random generator in
configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,
lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,
lib/isc/random.c, tests/isc/random_test.c.
- CVE-2025-40780
-- Marc Deslauriers <email address hidden> Tue, 21 Oct 2025 07:57:20 -0400
|
|
|
About
-
Send Feedback to @ubuntu_updates
