UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server

Latest version: 1:9.9.5.dfsg-3ubuntu0.19
Release: trusty (14.04)
Level: updates
Repository: main

Links


Download "bind9"


Other versions of "bind9" in Trusty

Repository Area Version
base main 1:9.9.5.dfsg-3
base universe 1:9.9.5.dfsg-3
security universe 1:9.9.5.dfsg-3ubuntu0.19
security main 1:9.9.5.dfsg-3ubuntu0.19
updates universe 1:9.9.5.dfsg-3ubuntu0.19

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.9.5.dfsg-3ubuntu0.19 2019-02-22 10:07:11 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.19) trusty-security; urgency=medium

  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - lib/dns/zone.c: enhance rfc 5011 logging
    - lib/dns/include/dst/dst.h, lib/dns/zone.c: properly handle situations
      when the key tag cannot be computed.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - bin/named/xfrout.c: handle zone transfers marked in the zone table as
      a DLZ zone.
    - CVE-2019-6465

 -- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 10:21:50 +0100

Source diff to previous version
CVE-2018-5745 An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
CVE-2019-6465 Zone transfer controls for writable DLZ zones were not effective

Version: 1:9.9.5.dfsg-3ubuntu0.18 2018-09-20 09:06:51 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - lib/dns/resolver.c: explicit DNAME query could trigger a crash if
      deny-answer-aliases was set
    - Patch backported from 9.9.13-P1.
    - CVE-2018-5740

 -- Marc Deslauriers <email address hidden> Wed, 19 Sep 2018 14:23:16 +0200

Source diff to previous version
CVE-2018-5740 A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named

Version: 1:9.9.5.dfsg-3ubuntu0.17 2018-01-17 16:06:39 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - lib/dns/resolver.c: fix cleanup handling.
    - Patch backported from 9.9.11-P1.
    - CVE-2017-3145

 -- Marc Deslauriers <email address hidden> Tue, 16 Jan 2018 07:29:46 -0500

Source diff to previous version
CVE-2017-3145 Improper fetch cleanup sequencing in the resolver can cause named to crash

Version: 1:9.9.5.dfsg-3ubuntu0.16 2017-09-18 20:06:41 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.16) trusty-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update
    - fix verification of TSIG signed TCP message sequences where not all
      the messages contain TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
    - 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
  * Update the built in managed keys to include the upcoming root KSK in
    bind.keys, bin/named/bind.keys.h.
    - 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7

 -- Marc Deslauriers <email address hidden> Fri, 15 Sep 2017 07:53:57 -0400

Source diff to previous version

Version: 1:9.9.5.dfsg-3ubuntu0.15 2017-06-30 00:06:36 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.15) trusty-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues
    - lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c: fix TSIG logic.
    - CVE-2017-3142
    - CVE-2017-3143

 -- Marc Deslauriers <email address hidden> Thu, 29 Jun 2017 08:11:53 -0400

CVE-2017-3142 RESERVED
CVE-2017-3143 RESERVED



About   -   Send Feedback to @ubuntu_updates