UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server
Latest version: 1:9.16.1-0ubuntu2.9
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.isc.org/downloads/bind/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bind9"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "bind9" in Focal

Repository Area Version
base main 1:9.16.1-0ubuntu2
base universe 1:9.16.1-0ubuntu2
security main 1:9.16.1-0ubuntu2.9
security universe 1:9.16.1-0ubuntu2.9
updates universe 1:9.16.1-0ubuntu2.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.16.1-0ubuntu2.9 2021-10-28 12:06:22 UTC

  bind9 (1:9.16.1-0ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: resolver performance degradation via lame cache abuse
    - debian/patches/CVE-2021-25219.patch: disable lame cache in
      bin/named/config.c, bin/named/server.c, lib/dns/resolver.c.
    - CVE-2021-25219

 -- Marc Deslauriers <email address hidden> Wed, 27 Oct 2021 07:00:32 -0400
Source diff to previous version
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...

Version: 1:9.16.1-0ubuntu2.8 2021-04-29 14:06:27 UTC

  bind9 (1:9.16.1-0ubuntu2.8) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
    - debian/patches/CVE-2021-25214.patch: immediately reject the entire
      transfer for certain RR in lib/dns/xfrin.c.
    - CVE-2021-25214
  * SECURITY UPDATE: assert via answering certain queries for DNAME records
    - debian/patches/CVE-2021-25215.patch: fix assert checks in
      lib/ns/query.c.
    - CVE-2021-25215
  * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
    - debian/rules: build with --disable-isc-spnego to disable internal
      SPNEGO and use the one from the kerberos libraries.
    - CVE-2021-25216

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 07:15:23 -0400
Source diff to previous version
CVE-2021-25214 In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...
CVE-2021-25215 In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...
CVE-2021-25216 In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...

Version: 1:9.16.1-0ubuntu2.7 2021-03-01 13:06:24 UTC

  bind9 (1:9.16.1-0ubuntu2.7) focal; urgency=medium

  * Fix a race between deactivating socket handle and processing
    async callbacks, which can lead to sockets not being closed
    properly, exhausting TCP connection limits. (LP: #1909950)
    - d/p/lp-1909950-fix-race-between-deactivating-handle-async-callback.patch

 -- Matthew Ruffell <email address hidden> Thu, 18 Feb 2021 16:28:44 +1300
Source diff to previous version
1909950 named: TCP connections sometimes never close due to race in socket teardown

Version: 1:9.16.1-0ubuntu2.6 2021-02-18 15:06:22 UTC

  bind9 (1:9.16.1-0ubuntu2.6) focal-security; urgency=medium

  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - debian/patches/CVE-2020-8625.patch: properly calculate length in
      lib/dns/spnego.c.
    - CVE-2020-8625
  * This update does _not_ contain the changes from 1:9.16.1-0ubuntu2.5 in
    focal-proposed.

 -- Marc Deslauriers <email address hidden> Tue, 16 Feb 2021 15:08:33 -0500
Source diff to previous version
CVE-2020-8625 BIND servers are vulnerable if they are running an affected version an ...

Version: 1:9.16.1-0ubuntu2.4 2020-10-26 11:06:19 UTC

  bind9 (1:9.16.1-0ubuntu2.4) focal; urgency=medium

  * Fix rare condition that can break bind9 with a crash (LP: #1896740)
    - 0003-Print-diagnostics-on-dns_name_issubdomain-failure-in.patch

 -- Christian Ehrhardt <email address hidden> Mon, 28 Sep 2020 12:30:22 +0200
1896740 BIND crashes with failed assertion INSIST(dns_name_issubdomain(\u0026fctx-\u003ename, \u0026fctx-\u003edomain))


About   -   Send Feedback to @ubuntu_updates