UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package
  • Lightweight Resolver Daemon

Latest version: 1:9.10.3.dfsg.P4-8ubuntu1.19
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "bind9" in Xenial

Repository Area Version
base main 1:9.10.3.dfsg.P4-8
base universe 1:9.10.3.dfsg.P4-8
security main 1:9.10.3.dfsg.P4-8ubuntu1.19
updates main 1:9.10.3.dfsg.P4-8ubuntu1.19
updates universe 1:9.10.3.dfsg.P4-8ubuntu1.19

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.10.3.dfsg.P4-8ubuntu1.19 2021-04-29 13:06:22 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.19) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
    - debian/patches/CVE-2021-25214.patch: immediately reject the entire
      transfer for certain RR in lib/dns/xfrin.c.
    - CVE-2021-25214
  * SECURITY UPDATE: assert via answering certain queries for DNAME records
    - debian/patches/CVE-2021-25215.patch: fix assert checks in
      lib/ns/query.c.
    - CVE-2021-25215
  * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
    - debian/rules: build with --disable-isc-spnego to disable internal
      SPNEGO and use the one from the kerberos libraries.
    - CVE-2021-25216

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 07:18:12 -0400

Source diff to previous version
CVE-2021-25214 In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...
CVE-2021-25215 In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...
CVE-2021-25216 In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...

Version: 1:9.10.3.dfsg.P4-8ubuntu1.18 2021-02-18 14:06:19 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.18) xenial-security; urgency=medium

  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - debian/patches/CVE-2020-8625.patch: properly calculate length in
      lib/dns/spnego.c.
    - CVE-2020-8625

 -- Marc Deslauriers <email address hidden> Mon, 15 Feb 2021 08:09:41 -0500

Source diff to previous version
CVE-2020-8625 BIND servers are vulnerable if they are running an affected version an ...

Version: 1:9.10.3.dfsg.P4-8ubuntu1.17 2020-08-21 14:06:17 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.17) xenial-security; urgency=medium

  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622
  * SECURITY UPDATE: A flaw in native PKCS#11 code can lead to a remotely
    triggerable assertion failure
    - debian/patches/CVE-2020-8623.patch: add extra checks in
      lib/dns/pkcs11dh_link.c, lib/dns/pkcs11dsa_link.c,
      lib/dns/pkcs11rsa_link.c, lib/isc/include/pk11/internal.h,
      lib/isc/pk11.c.
    - CVE-2020-8623

 -- Marc Deslauriers <email address hidden> Tue, 18 Aug 2020 08:18:25 -0400

Source diff to previous version

Version: 1:9.10.3.dfsg.P4-8ubuntu1.16 2020-05-19 13:06:31 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.16) xenial-security; urgency=medium

  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - debian/patches/CVE-2020-8616.patch: further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

 -- Marc Deslauriers <email address hidden> Fri, 15 May 2020 08:23:59 -0400

Source diff to previous version

Version: 1:9.10.3.dfsg.P4-8ubuntu1.14 2019-04-25 15:07:08 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.14) xenial-security; urgency=medium

  * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
    - debian/patches/CVE-2018-5743.patch: add reference counting in
      bin/named/client.c, bin/named/include/named/client.h,
      bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
      lib/isc/include/isc/quota.h, lib/isc/quota.c,
      lib/isc/win32/libisc.def.in.
    - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
      operations with isc_refcount reference counting in
      bin/named/client.c, bin/named/include/named/interfacemgr.h,
      bin/named/interfacemgr.c.
    - CVE-2018-5743

 -- Marc Deslauriers <email address hidden> Wed, 24 Apr 2019 06:17:28 -0400

CVE-2018-5743 Limiting simultaneous TCP clients is ineffective



About   -   Send Feedback to @ubuntu_updates