UbuntuUpdates.org

Package "lwresd"

Name: lwresd

Description:

Lightweight Resolver Daemon

Latest version: 1:9.10.3.dfsg.P4-8ubuntu1.16
Release: xenial (16.04)
Level: security
Repository: universe
Head package: bind9

Links


Download "lwresd"


Other versions of "lwresd" in Xenial

Repository Area Version
base universe 1:9.10.3.dfsg.P4-8
updates universe 1:9.10.3.dfsg.P4-8ubuntu1.16

Changelog

Version: 1:9.10.3.dfsg.P4-8ubuntu1.16 2020-05-19 13:06:31 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.16) xenial-security; urgency=medium

  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - debian/patches/CVE-2020-8616.patch: further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

 -- Marc Deslauriers <email address hidden> Fri, 15 May 2020 08:23:59 -0400

Source diff to previous version

Version: 1:9.10.3.dfsg.P4-8ubuntu1.14 2019-04-25 15:07:08 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.14) xenial-security; urgency=medium

  * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
    - debian/patches/CVE-2018-5743.patch: add reference counting in
      bin/named/client.c, bin/named/include/named/client.h,
      bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
      lib/isc/include/isc/quota.h, lib/isc/quota.c,
      lib/isc/win32/libisc.def.in.
    - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
      operations with isc_refcount reference counting in
      bin/named/client.c, bin/named/include/named/interfacemgr.h,
      bin/named/interfacemgr.c.
    - CVE-2018-5743

 -- Marc Deslauriers <email address hidden> Wed, 24 Apr 2019 06:17:28 -0400

Source diff to previous version
CVE-2018-5743 Limiting simultaneous TCP clients is ineffective

Version: 1:9.10.3.dfsg.P4-8ubuntu1.12 2019-02-22 09:06:40 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.12) xenial-security; urgency=medium

  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - debian/patches/CVE-2018-5745-pre.patch: enhance rfc 5011 logging in
      lib/dns/zone.c,
    - debian/patches/CVE-2018-5745.patch: properly handle situations when
      the key tag cannot be computed in lib/dns/include/dst/dst.h,
      lib/dns/zone.c.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
      the zone table as a DLZ zone bin/named/xfrout.c.
    - CVE-2019-6465

 -- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 10:07:28 +0100

Source diff to previous version
CVE-2018-5745 An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
CVE-2019-6465 Zone transfer controls for writable DLZ zones were not effective

Version: 1:9.10.3.dfsg.P4-8ubuntu1.11 2018-09-20 09:06:55 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.11) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - debian/patches/CVE-2018-5740.patch: explicit DNAME query could
      trigger a crash if deny-answer-aliases was set
    - CVE-2018-5740

 -- Marc Deslauriers <email address hidden> Wed, 19 Sep 2018 14:18:30 +0200

Source diff to previous version
CVE-2018-5740 A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named

Version: 1:9.10.3.dfsg.P4-8ubuntu1.10 2018-01-17 14:06:45 UTC

  bind9 (1:9.10.3.dfsg.P4-8ubuntu1.10) xenial-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - debian/patches/CVE-2017-3145.patch: fix cleanup handling in
      lib/dns/resolver.c.
    - CVE-2017-3145

 -- Marc Deslauriers <email address hidden> Tue, 16 Jan 2018 07:27:16 -0500

CVE-2017-3145 Improper fetch cleanup sequencing in the resolver can cause named to crash



About   -   Send Feedback to @ubuntu_updates