UbuntuUpdates.org

Package "bind9-doc"

Name: bind9-doc

Description:

Documentation for BIND 9

Latest version: 1:9.20.18-1ubuntu2.1
Release: resolute (26.04)
Level: security
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Other versions of "bind9-doc" in Resolute

Repository  Area  Version
base        main  1:9.20.18-1ubuntu2
updates     main  1:9.20.18-1ubuntu2.1

Changelog

Version: 1:9.20.18-1ubuntu2.1 2026-05-21 20:07:43 UTC

  bind9 (1:9.20.18-1ubuntu2.1) resolute-security; urgency=medium

  * SECURITY UPDATE: BIND 9 server memory exhaustion during GSS-API TKEY
    negotiation
    - debian/patches/CVE-2026-3039-pre1.patch: Release gnamebuf also on the
      error path in lib/dns/gssapictx.c.
    - debian/patches/CVE-2026-3039-1.patch: Fix GSS-API context leak in TKEY
      negotiation in lib/dns/gssapictx.c, lib/dns/include/dst/gssapi.h,
      lib/dns/tkey.c.
    - debian/patches/CVE-2026-3039-3.patch: Fix output token and GSS context
      leaks in TKEY/GSS-API error paths in lib/dns/gssapictx.c,
      lib/dns/tkey.c.
    - CVE-2026-3039
  * SECURITY UPDATE: Amplification vulnerabilities via self-pointed glue
    records
    - debian/patches/CVE-2026-3592-1.patch: Limit the number of addresses
      returned per ADB find in bin/named/main.c, lib/dns/adb.c.
    - debian/patches/CVE-2026-3592-2.patch: Remove duplicate addresses from
      the resolver SLIST in lib/dns/resolver.c.
    - debian/patches/CVE-2026-3592-3.patch: Add system test for self-pointed
      glue deduplication in bin/tests/system/selfpointedglue/ns1/named.conf.j2,
      bin/tests/system/selfpointedglue/ns1/root.db,
      bin/tests/system/selfpointedglue/ns2/named.conf.j2,
      bin/tests/system/selfpointedglue/ns2/tld.db,
      bin/tests/system/selfpointedglue/ns3/example.tld.db,
      bin/tests/system/selfpointedglue/ns3/example2.tld.db,
      bin/tests/system/selfpointedglue/ns3/named.conf.j2,
      bin/tests/system/selfpointedglue/ns4/named.args.j2,
      bin/tests/system/selfpointedglue/ns4/named.conf.j2,
      bin/tests/system/selfpointedglue/ns4/root.hint,
      bin/tests/system/selfpointedglue/tests_selfpointedglue.py.
    - debian/patches/CVE-2026-3592-4.patch: Add SRTT-based server selection
      system test in bin/tests/system/srtt/README,
      bin/tests/system/srtt/ans2/ans.py, bin/tests/system/srtt/ans3/ans.py,
      bin/tests/system/srtt/ans4/ans.py, bin/tests/system/srtt/ans5/ans.py,
      bin/tests/system/srtt/ns1/named.conf.j2,
      bin/tests/system/srtt/ns1/root.db, bin/tests/system/srtt/ns6/named.args,
      bin/tests/system/srtt/ns6/named.conf.j2,
      bin/tests/system/srtt/srtt_ans.py, bin/tests/system/srtt/tests_srtt.py.
    - CVE-2026-3592
  * SECURITY UPDATE: Heap use-after-free vulnerability in BIND 9
    DNS-over-HTTPS implementation
    - debian/patches/CVE-2026-3593-1.patch: Add system test for HTTP/2
      SETTINGS frame flood in bin/tests/system/doth/tests_malicious.py.
    - debian/patches/CVE-2026-3593-2.patch: Fix use-after-free in DoH write
      buffer after HTTP/2 send in lib/isc/netmgr/http.c.
    - CVE-2026-3593
  * SECURITY UPDATE: Invalid handling of CLASS != IN
    - debian/patches/CVE-2026-5946-1.patch: Disable recursion for non-IN
      classes in bin/named/server.c, lib/isccfg/check.c.
    - debian/patches/CVE-2026-5946-2.patch: Disable UPDATE and NOTIFY for
      non-IN classes in bin/named/server.c, lib/dns/adb.c,
      lib/ns/client.c, lib/ns/update.c.
    - debian/patches/CVE-2026-5946-3.patch: Validate DNS message CLASS early
      in request processing in bin/tests/system/unknown/tests.sh,
      lib/ns/client.c.
    - debian/patches/CVE-2026-5946-4.patch: Reject meta-classes in UPDATE and
      NOTIFY messages in lib/dns/message.c.
    - debian/patches/CVE-2026-5946-5.patch: Skip "deny-answer-address" for
      non-IN addresses in lib/dns/resolver.c.
    - debian/patches/CVE-2026-5946-6.patch: Test CHAOS view recursion behavior
      in bin/tests/system/checkconf/tests.sh,
      bin/tests/system/checkconf/warn-chaos-recursion.conf,
      bin/tests/system/class/ns1/chaos.db.in,
      bin/tests/system/class/ns1/named.conf.j2,
      bin/tests/system/class/ns2/example.db.in,
      bin/tests/system/class/ns2/localhost.db.in,
      bin/tests/system/class/ns2/named.conf.j2,
      bin/tests/system/class/ns3/named.conf.j2, bin/tests/system/class/setup.sh,
      bin/tests/system/class/tests_class_chaos.py,
      bin/tests/system/isctest/check.py.
    - debian/patches/CVE-2026-5946-7.patch: Test UPDATE behavior in CHAOS and
      other non-IN classes in bin/named/server.c,
      bin/tests/system/class/ns2/localhost.db.in,
      bin/tests/system/class/tests_class_update.py.
    - debian/patches/CVE-2026-5946-8.patch: Test server behavior when sending
      various UPDATE requests in bin/tests/system/class/tests_class_update.py,
      bin/tests/system/nsupdate/setup.sh, bin/tests/system/nsupdate/tests.sh,
      bin/tests/system/packet.pl.
    - debian/patches/CVE-2026-5946-9.patch: Make the RD flag optional in
      isctest.query() in bin/tests/system/isctest/query.py.
    - CVE-2026-5946
  * SECURITY UPDATE: SIG(0) validation during query flood may lead to
    undefined behavior
    - debian/patches/CVE-2026-5947.patch: Fix use-after-free in resolver SIG(0)
      async verification path in lib/dns/resolver.c.
    - CVE-2026-5947
  * SECURITY UPDATE: Unbounded resend loop in BIND 9 resolver
    - debian/patches/CVE-2026-5950-1.patch: Add reproducer for BADCOOKIE
      resend loop in bin/tests/system/resend_loop/ans3/ans.py,
      bin/tests/system/resend_loop/ns4/named.conf.j2,
      bin/tests/system/resend_loop/ns4/root.hint,
      bin/tests/system/resend_loop/tests_resend_loop.py.
    - debian/patches/CVE-2026-5950-2.patch: Refactor incrementing query
      counters in lib/dns/resolver.c.
    - debian/patches/CVE-2026-5950-3.patch: rctx_resend() increment query
      counters in lib/dns/resolver.c.
    - CVE-2026-5950
  * d/p/CVE-2026-1519-1.patch, d/p/CVE-2026-3104-1.patch: disable patches,
    quilt doesn't like patches that create symlinks apparently.

 -- Marc Deslauriers <email address hidden> Thu, 21 May 2026 08:23:48 -0400

CVE-2026-3039 BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving an
CVE-2026-3592 BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone
CVE-2026-3593 A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 thr
CVE-2026-5946 Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `
CVE-2026-5947 Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SI
CVE-2026-5950 An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated atta
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence
