UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server
Latest version: 1:9.18.30-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.isc.org/downloads/bind/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bind9"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "bind9" in Jammy

Repository Area Version
base main 1:9.18.1-1ubuntu1
base universe 1:9.18.1-1ubuntu1
security universe 1:9.18.30-0ubuntu0.22.04.2
updates universe 1:9.18.30-0ubuntu0.22.04.2
updates main 1:9.18.30-0ubuntu0.22.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.18.1-1ubuntu1.3 2023-01-25 20:07:05 UTC

  bind9 (1:9.18.1-1ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: An UPDATE message flood may cause named to exhaust all
    available memory
    - debian/patches/CVE-2022-3094.patch: add counter in
      bin/named/bind9.xsl, bin/named/statschannel.c, doc/arm/reference.rst,
      lib/ns/include/ns/server.h, lib/ns/include/ns/stats.h,
      lib/ns/server.c, lib/ns/update.c.
    - CVE-2022-3094
  * SECURITY UPDATE: named configured to answer from stale cache may
    terminate unexpectedly while processing RRSIG queries
    - debian/patches/CVE-2022-3736.patch: fix logic in lib/ns/query.c.
    - CVE-2022-3736
  * SECURITY UPDATE: named configured to answer from stale cache may
    terminate unexpectedly at recursive-clients soft quota
    - debian/patches/CVE-2022-3924.patch: improve logic in
      lib/dns/resolver.c, lib/ns/query.c.
    - CVE-2022-3924

 -- Marc Deslauriers <email address hidden> Tue, 24 Jan 2023 08:18:53 -0500
Source diff to previous version

Version: 1:9.18.1-1ubuntu1.2 2022-09-21 14:07:29 UTC

  bind9 (1:9.18.1-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Processing large delegations may severely degrade
    resolver performance
    - debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
    - CVE-2022-2795
  * SECURITY UPDATE: Buffer overread in statistics channel code
    - debian/patches/CVE-2022-2881.patch: clear buffer in lib/isc/httpd.c.
    - CVE-2022-2881
  * SECURITY UPDATE: Memory leaks in code handling Diffie-Hellman key
    exchange via TKEY RRs
    - debian/patches/CVE-2022-2906.patch: adjust return code handling in
      lib/dns/openssldh_link.c.
    - CVE-2022-2906
  * SECURITY UPDATE: resolvers configured to answer from cache with zero
    stale-answer-timeout may terminate unexpectedly
    - debian/patches/CVE-2022-3080.patch: refactor stale RRset handling in
      lib/ns/include/ns/query.h, lib/ns/query.c.
    - CVE-2022-3080
  * SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
    - debian/patches/CVE-2022-38178.patch: fix return handling in
      lib/dns/openssleddsa_link.c.
    - CVE-2022-38178

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 07:51:26 -0400
Source diff to previous version
CVE-2022-2795 Processing large delegations may severely degrade resolver performance
CVE-2022-2881 Buffer overread in statistics channel code
CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs
CVE-2022-3080 BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code

Version: 1:9.18.1-1ubuntu1.1 2022-05-18 17:06:15 UTC

  bind9 (1:9.18.1-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Destroying a TLS session early causes assertion
    failure
    - debian/patches/CVE-2022-1183.patch: fix destroying logic in
      lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/tlsstream.c.
    - CVE-2022-1183

 -- Marc Deslauriers <email address hidden> Tue, 17 May 2022 07:38:24 -0400
CVE-2022-1183 RESERVED


About   -   Send Feedback to @ubuntu_updates