UbuntuUpdates.org

Package "bind9-libs"

Name: bind9-libs

Description:

Shared Libraries used by BIND 9

Latest version: 1:9.18.30-0ubuntu0.20.04.1
Release: focal (20.04)
Level: updates
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Other versions of "bind9-libs" in Focal

Repository  Area  Version
base        main  1:9.16.1-0ubuntu2
security    main  1:9.18.28-0ubuntu0.20.04.1

Changelog

Version: 1:9.18.30-0ubuntu0.20.04.1 2025-01-08 09:06:58 UTC

  bind9 (1:9.18.30-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release 9.18.30 (LP: #2073310)
    - Features:
      + Print initial working directory during named startup, and changed
        working directory when loading or reloading the configuration file
      + Add max-query-restarts configuration statement
    - Updates:
      + Restrain named to specified number of cores when running via taskset,
        cpuset, or numactl
      + Reduce default max-recursion-queries value from 100 to 32
      + Raise the log level of priming failures
    - Bug Fixes:
      + Fix privacy verification of EDDSA keys
      + Fix algorithm rollover bug when there are two keys with the same keytag
      + Return SERVFAIL for a too long CNAME chain
      + Reconfigure catz member zones during named reconfiguration
      + Update key lifetime and metadata after dnssec-policy reconfiguration
      + Fix generation of 6to4-self name expansion from IPv4 address
      + Fix invalid dig +yaml output
      + Reject zero-length ALPN during SVCB ALPN text parsing
      + Fix false QNAME minimisation error being reported
      + Fix dig +timeout argument when using +http
    - See https://bind9.readthedocs.io/en/v9.18.30/notes.html for additional
      information.

 -- Lena Voytek <email address hidden> Mon, 23 Sep 2024 17:21:48 -0400

2073310 Backport of bind9 for focal, jammy and noble

Version: 1:9.18.28-0ubuntu0.20.04.1 2024-07-23 17:07:08 UTC

  bind9 (1:9.18.28-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 9.18.28 to fix multiple security issues.
    - Please see the following for a list of changes, including possibly
      incompatible ones:
      https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
    - CVE-2024-0760: A flood of DNS messages over TCP may make the server
      unstable
    - CVE-2024-1737: BIND's database will be slow if a very large number of
      RRs exist at the same name
    - CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
    - CVE-2024-4076: Assertion failure when serving both stale cache data
      and authoritative zone content
  * Packaging changes required for 9.18.28:
    - Dropped patches no longer required with 9.18.28:
      + 0001-Add_--install-layout=deb_to_setup.py_call.patch
      + 0002-python-fix-for-dist-packages.patch
      + 0003-Remove-the-reference-to-OPTIONS.md-it-breaks-build-o.patch
    - Synced patch with jammy's 1:9.18.28-0ubuntu0.22.04.1 package:
      + always-use-standard-library-stdatomic.patch
    - debian/NEWS: list changes in 9.18, taken from jammy.
    - debian/*: sync most of the packaging with jammy's package, including
      autopkgtests except for dyndb-ldap as the bind-dyndb-ldap package is
      broken in focal.
    - debian/tests/simpletest: wait a couple of seconds for the service to
      actually start.

 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2024 14:48:12 -0400

Version: 1:9.16.48-0ubuntu0.20.04.1 2024-02-19 17:06:54 UTC

  bind9 (1:9.16.48-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 9.16.48 to fix multiple security issues.
    - Please see the following for a list of changes, including possibly
      incompatible ones:
      https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html
    - CVE-2023-4408
    - CVE-2023-5517
    - CVE-2023-6516
    - CVE-2023-50387
    - CVE-2023-50868
  * Packaging changes required for 9.16.48:
    - Dropped patches no longer required with 9.16.48:
      + CVE-*.patch
      + fix-rebinding-protection.patch,
      + 0003-Print-diagnostics-on-dns_name_issubdomain-failure-in.patch
      + lp-1909950-fix-race-between-deactivating-handle-async-callback.patch
      + lp1997375-segfault-isc-nm-tcp-send.patch
    - Synced other patches with Debian's 1:9.16.48-1 package
    - debian/*.install, debian/*.links: updated with new files in 9.16.48.
    - debian/rules, debian/not-installed: don't delete old -dev files, just
      don't install them.
    - debian/control, debian/rules: switch packages required to build
      documentation.

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 07:49:14 -0500

CVE-2023-4408 The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS
CVE-2023-5517 A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured,
CVE-2023-6516 To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods
CVE-2023-50387 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU
CVE-2023-50868 The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of se

Version: 1:9.16.1-0ubuntu2.16 2023-09-20 16:08:33 UTC

  bind9 (1:9.16.1-0ubuntu2.16) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via recursive packet parsing
    - debian/patches/CVE-2023-3341.patch: add a max depth check to
      lib/isccc/include/isccc/result.h, lib/isccc/result.c, lib/isccc/cc.c.
    - CVE-2023-3341

 -- Marc Deslauriers <email address hidden> Tue, 19 Sep 2023 07:22:19 -0400

CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

Version: 1:9.16.1-0ubuntu2.15 2023-06-21 20:07:02 UTC

  bind9 (1:9.16.1-0ubuntu2.15) focal-security; urgency=medium

  * SECURITY UPDATE: Configured cache size limit can be significantly
    exceeded
    - debian/patches/CVE-2023-2828.patch: fix cache expiry in
      lib/dns/rbtdb.c.
    - CVE-2023-2828

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:38:29 -0400

CVE-2023-2828 named's configured cache size limit can be significantly exceeded
