UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server

Latest version: 1:9.10.3.dfsg.P4-8ubuntu1.12
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "bind9": https://www.ubuntuupdates.org/bind9


Download "bind9"


Other versions of "bind9" in Xenial

Repository Area Version
base main 1:9.10.3.dfsg.P4-8
base universe 1:9.10.3.dfsg.P4-8
security main 1:9.10.3.dfsg.P4-8ubuntu1.12
security universe 1:9.10.3.dfsg.P4-8ubuntu1.12
updates universe 1:9.10.3.dfsg.P4-8ubuntu1.12

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.10.3.dfsg.P4-8ubuntu1.12 2019-02-22 10:07:15 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.12) xenial-security; urgency=medium

  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - debian/patches/CVE-2018-5745-pre.patch: enhance rfc 5011 logging in
      lib/dns/zone.c,
    - debian/patches/CVE-2018-5745.patch: properly handle situations when
      the key tag cannot be computed in lib/dns/include/dst/dst.h,
      lib/dns/zone.c.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
      the zone table as a DLZ zone bin/named/xfrout.c.
    - CVE-2019-6465

 -- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 10:07:28 +0100

Source diff to previous version
CVE-2018-5745 An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
CVE-2019-6465 Zone transfer controls for writable DLZ zones were not effective

Version: 1:9.10.3.dfsg.P4-8ubuntu1.11 2018-09-20 09:06:54 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.11) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - debian/patches/CVE-2018-5740.patch: explicit DNAME query could
      trigger a crash if deny-answer-aliases was set
    - CVE-2018-5740

 -- Marc Deslauriers <email address hidden> Wed, 19 Sep 2018 14:18:30 +0200

Source diff to previous version
CVE-2018-5740 A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named

Version: 1:9.10.3.dfsg.P4-8ubuntu1.10 2018-01-17 16:06:41 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.10) xenial-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - debian/patches/CVE-2017-3145.patch: fix cleanup handling in
      lib/dns/resolver.c.
    - CVE-2017-3145

 -- Marc Deslauriers <email address hidden> Tue, 16 Jan 2018 07:27:16 -0500

Source diff to previous version
CVE-2017-3145 Improper fetch cleanup sequencing in the resolver can cause named to crash

Version: 1:9.10.3.dfsg.P4-8ubuntu1.9 2017-11-16 18:06:53 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.9) xenial; urgency=medium

  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

 -- Andreas Hasenack <email address hidden> Mon, 06 Nov 2017 17:26:27 -0200

Source diff to previous version
1565060 defaults file is ignored

Version: 1:9.10.3.dfsg.P4-8ubuntu1.8 2017-09-18 20:06:45 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.8) xenial-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update
    - debian/patches/CVE-2017-3142-regression.patch: fix verification of
      TSIG signed TCP message sequences where not all the messages contain
      TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
  * debian/patches/update_keys.patch: Update the built in managed keys to
    include the upcoming root KSK in bind.keys, bind.keys.h.

 -- Marc Deslauriers <email address hidden> Fri, 15 Sep 2017 07:50:24 -0400




About   -   Send Feedback to @ubuntu_updates