UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package
  • Lightweight Resolver Daemon

Latest version: 1:9.9.5.dfsg-3ubuntu0.19
Release: trusty (14.04)
Level: security
Repository: universe

Links



Other versions of "bind9" in Trusty

Repository Area Version
base main 1:9.9.5.dfsg-3
base universe 1:9.9.5.dfsg-3
security main 1:9.9.5.dfsg-3ubuntu0.19
updates universe 1:9.9.5.dfsg-3ubuntu0.19
updates main 1:9.9.5.dfsg-3ubuntu0.19

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.9.5.dfsg-3ubuntu0.14 2017-04-17 18:07:20 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.14) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - bin/tests/system/rndc/tests.sh: add testcase.
    - CVE-2017-3138

 -- Steve Beattie <email address hidden> Wed, 12 Apr 2017 09:45:52 -0700

Source diff to previous version
CVE-2017-3136 An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137 A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138 named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

Version: 1:9.9.5.dfsg-3ubuntu0.13 2017-02-16 20:06:50 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 09:19:14 -0500

Source diff to previous version
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.9.5.dfsg-3ubuntu0.11 2017-01-12 13:07:04 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - lib/dns/message.c, lib/dns/resolver.c: handle missing RRSIGs.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Mon, 09 Jan 2017 09:27:53 -0500

Source diff to previous version
CVE-2016-9131 A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147 An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-9444 An unusually-formed DS record response could cause an assertion failure
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.9.5.dfsg-3ubuntu0.10 2016-11-01 21:06:24 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.10) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 08:57:15 -0400

Source diff to previous version
CVE-2016-8864 A problem handling responses containing a DNAME answer can lead to an assertion failure

Version: 1:9.9.5.dfsg-3ubuntu0.9 2016-09-27 13:06:43 UTC

  bind9 (1:9.9.5.dfsg-3ubuntu0.9) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via assertion failure
    - lib/dns/message.c: properly handle lengths.
    - backported from patch provided by upstream.
    - CVE-2016-2776

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 14:40:09 -0400

CVE-2016-2776 RESERVED



About   -   Send Feedback to @ubuntu_updates