UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package for bind9-utils
  • Transitional package for bind9-dnsutils

Latest version: 1:9.16.48-0ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe

Links



Other versions of "bind9" in Focal

Repository Area Version
base main 1:9.16.1-0ubuntu2
base universe 1:9.16.1-0ubuntu2
security main 1:9.16.48-0ubuntu0.20.04.1
updates universe 1:9.16.48-0ubuntu0.20.04.1
updates main 1:9.16.48-0ubuntu0.20.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.16.1-0ubuntu2.10 2022-03-17 13:06:23 UTC

  bind9 (1:9.16.1-0ubuntu2.10) focal-security; urgency=medium

  * SECURITY UPDATE: cache poisoning via bogus NS records
    - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
      records into the cache in lib/dns/resolver.c.
    - CVE-2021-25220

 -- Marc Deslauriers <email address hidden> Tue, 15 Mar 2022 10:11:35 -0400

Source diff to previous version
CVE-2021-25220 DNS forwarders - cache poisoning vulnerability

Version: 1:9.16.1-0ubuntu2.9 2021-10-28 12:06:24 UTC

  bind9 (1:9.16.1-0ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: resolver performance degradation via lame cache abuse
    - debian/patches/CVE-2021-25219.patch: disable lame cache in
      bin/named/config.c, bin/named/server.c, lib/dns/resolver.c.
    - CVE-2021-25219

 -- Marc Deslauriers <email address hidden> Wed, 27 Oct 2021 07:00:32 -0400

Source diff to previous version
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...

Version: 1:9.16.1-0ubuntu2.8 2021-04-29 13:06:29 UTC

  bind9 (1:9.16.1-0ubuntu2.8) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
    - debian/patches/CVE-2021-25214.patch: immediately reject the entire
      transfer for certain RR in lib/dns/xfrin.c.
    - CVE-2021-25214
  * SECURITY UPDATE: assert via answering certain queries for DNAME records
    - debian/patches/CVE-2021-25215.patch: fix assert checks in
      lib/ns/query.c.
    - CVE-2021-25215
  * SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
    - debian/rules: build with --disable-isc-spnego to disable internal
      SPNEGO and use the one from the kerberos libraries.
    - CVE-2021-25216

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 07:15:23 -0400

Source diff to previous version
CVE-2021-25214 In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...
CVE-2021-25215 In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...
CVE-2021-25216 In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...

Version: 1:9.16.1-0ubuntu2.6 2021-02-18 14:06:23 UTC

  bind9 (1:9.16.1-0ubuntu2.6) focal-security; urgency=medium

  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - debian/patches/CVE-2020-8625.patch: properly calculate length in
      lib/dns/spnego.c.
    - CVE-2020-8625
  * This update does _not_ contain the changes from 1:9.16.1-0ubuntu2.5 in
    focal-proposed.

 -- Marc Deslauriers <email address hidden> Tue, 16 Feb 2021 15:08:33 -0500

Source diff to previous version
CVE-2020-8625 BIND servers are vulnerable if they are running an affected version an ...

Version: 1:9.16.1-0ubuntu2.3 2020-08-21 14:06:23 UTC

  bind9 (1:9.16.1-0ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: A specially crafted large TCP payload can trigger an
    assertion failure
    - debian/patches/CVE-2020-8620.patch: add extra checks to
      lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/netmgr.c,
      lib/isc/netmgr/tcp.c, lib/isc/netmgr/udp.c.
    - CVE-2020-8620
  * SECURITY UPDATE: Attempting QNAME minimization after forwarding can
    lead to an assertion failure
    - debian/patches/CVE-2020-8621.patch: disable QNAME minimization in
      lib/dns/resolver.c.
    - CVE-2020-8621
  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622
  * SECURITY UPDATE: A flaw in native PKCS#11 code can lead to a remotely
    triggerable assertion failure
    - debian/patches/CVE-2020-8623.patch: add extra checks in
      lib/dns/pkcs11rsa_link.c, lib/isc/include/pk11/internal.h,
      lib/isc/pk11.c.
    - CVE-2020-8623
  * SECURITY UPDATE: update-policy rules of type subdomain were enforced
    incorrectly
    - debian/patches/CVE-2020-8624.patch: add extra check in
      bin/named/zoneconf.c.
    - CVE-2020-8624

 -- Marc Deslauriers <email address hidden> Tue, 18 Aug 2020 07:38:53 -0400




About   -   Send Feedback to @ubuntu_updates