Package "bind9-dnsutils"
Name: |
bind9-dnsutils
|
Description: |
Clients provided with BIND 9
|
Latest version: |
1:9.18.28-0ubuntu0.22.04.1 |
Release: |
jammy (22.04) |
Level: |
updates |
Repository: |
main |
Head package: |
bind9 |
Homepage: |
https://www.isc.org/downloads/bind/ |
Links
Download "bind9-dnsutils"
Other versions of "bind9-dnsutils" in Jammy
Changelog
bind9 (1:9.18.12-0ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Configured cache size limit can be significantly
exceeded
- debian/patches/CVE-2023-2828.patch: fix cache expiry in
lib/dns/rbtdb.c.
- CVE-2023-2828
* SECURITY UPDATE: Exceeding the recursive-clients quota may cause named
to terminate unexpectedly when stale-answer-client-timeout is set to 0
- debian/patches/CVE-2023-2911.patch: fix refreshing queries in
lib/ns/query.c.
- CVE-2023-2911
-- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:29:34 -0400
|
Source diff to previous version |
CVE-2023-2828 |
named's configured cache size limit can be significantly exceeded |
CVE-2023-2911 |
Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 |
|
bind9 (1:9.18.12-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream releases 9.18.2 - 9.18.12 (LP: #2003586)
- Updates:
+ update-quota option
+ named -V shows supported cryptographic algorithms
+ Catalog Zones schema version 2 support in named
+ DNS error support Stale Answer and Stale NXDOMAIN Answer
+ Remote TLS certificate verification support
+ reusereport option
- Bug Fixes Include:
+ Fix crash when using dig with +nssearch and +tcp (LP: #1258003)
+ Fix incomplete results using dig with +nssearch (LP: #1970252)
+ Fix loading of preinstalled plugins (LP: #2006972)
+ CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080,
CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924,
CVE-2022-1183
+ Fix thread safety in dns_dispatch
+ Fix ADB quota management in resolver
+ Fix Prohibited DNS error on allow-recursion
+ Fix crash when restarting server with active statschannel connection
+ Fix use after free for catalog zone processing
+ Fix leak of dns_keyfileio_t objects
+ Fix nslookup failure to use port option when record type ANY is used
+ Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on
+ Fix inheritance when setting remote server port
+ Fix assertion error when accessing statistics channel
+ Fix rndc dumpdb -expired for stuck cache
+ Fix check for other name servers after receiving FORMERR
+ Fix deletion of CDS after zone sign
+ Fix dighost query context management
+ Fix dig hanging due to IPv4 mapped IPv6 address
+ See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
for additional bug fixes and information
* Improve dep-8 test suite (LP: #2003584):
- d/t/zonetest: Add dep8 test for checking the domain zone creation process
- d/t/control: Add new test outline
* d/bind9-doc.docs: Stop installing removed file doc/misc/options.active
* Remove patches for bugs LP #1964400 and LP #1964686 fixed upstream:
- lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv
- lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the
- lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo
- lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh
- lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe
- lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC
- lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-
* Remove CVE patches fixed upstream:
- debian/patches/CVE-2022-1183.patch
[Included in upstream release 9.18.3]
- debian/patches/CVE-2022-2795.patch
- debian/patches/CVE-2022-2881.patch
- debian/patches/CVE-2022-2906.patch
- debian/patches/CVE-2022-3080.patch
- debian/patches/CVE-2022-38178.patch
[Included in upstream release 9.18.7]
- debian/patches/CVE-2022-3094.patch
- debian/patches/CVE-2022-3736.patch
- debian/patches/CVE-2022-3924.patch
[Included in upstream release 9.18.11]
-- Lena Voytek <email address hidden> Wed, 08 Mar 2023 12:08:55 -0700
|
Source diff to previous version |
2003586 |
MRE Updates 9.18.12 / 9.16.36 |
1258003 |
DiG crashes on +nssearch with +tcp in bind9 9.18 |
1970252 |
The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04 |
2006972 |
bind9 can't load preinstalled plugins |
2003584 |
Add better DEP-8 tests |
1964400 |
host crashes with SIGABRT in isc_assertion_failed() |
1964686 |
Command \ |
CVE-2022-2795 |
Processing large delegations may severely degrade resolver performance |
CVE-2022-2881 |
Buffer overread in statistics channel code |
CVE-2022-2906 |
Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs |
CVE-2022-3080 |
BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly |
CVE-2022-38178 |
Memory leaks in EdDSA DNSSEC verification code |
CVE-2022-3094 |
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack |
CVE-2022-3736 |
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the |
CVE-2022-3924 |
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured wit |
CVE-2022-1183 |
RESERVED |
|
bind9 (1:9.18.1-1ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: An UPDATE message flood may cause named to exhaust all
available memory
- debian/patches/CVE-2022-3094.patch: add counter in
bin/named/bind9.xsl, bin/named/statschannel.c, doc/arm/reference.rst,
lib/ns/include/ns/server.h, lib/ns/include/ns/stats.h,
lib/ns/server.c, lib/ns/update.c.
- CVE-2022-3094
* SECURITY UPDATE: named configured to answer from stale cache may
terminate unexpectedly while processing RRSIG queries
- debian/patches/CVE-2022-3736.patch: fix logic in lib/ns/query.c.
- CVE-2022-3736
* SECURITY UPDATE: named configured to answer from stale cache may
terminate unexpectedly at recursive-clients soft quota
- debian/patches/CVE-2022-3924.patch: improve logic in
lib/dns/resolver.c, lib/ns/query.c.
- CVE-2022-3924
-- Marc Deslauriers <email address hidden> Tue, 24 Jan 2023 08:18:53 -0500
|
Source diff to previous version |
bind9 (1:9.18.1-1ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: Processing large delegations may severely degrade
resolver performance
- debian/patches/CVE-2022-2795.patch: add limit to lib/dns/resolver.c.
- CVE-2022-2795
* SECURITY UPDATE: Buffer overread in statistics channel code
- debian/patches/CVE-2022-2881.patch: clear buffer in lib/isc/httpd.c.
- CVE-2022-2881
* SECURITY UPDATE: Memory leaks in code handling Diffie-Hellman key
exchange via TKEY RRs
- debian/patches/CVE-2022-2906.patch: adjust return code handling in
lib/dns/openssldh_link.c.
- CVE-2022-2906
* SECURITY UPDATE: resolvers configured to answer from cache with zero
stale-answer-timeout may terminate unexpectedly
- debian/patches/CVE-2022-3080.patch: refactor stale RRset handling in
lib/ns/include/ns/query.h, lib/ns/query.c.
- CVE-2022-3080
* SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
- debian/patches/CVE-2022-38178.patch: fix return handling in
lib/dns/openssleddsa_link.c.
- CVE-2022-38178
-- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 07:51:26 -0400
|
Source diff to previous version |
CVE-2022-2795 |
Processing large delegations may severely degrade resolver performance |
CVE-2022-2881 |
Buffer overread in statistics channel code |
CVE-2022-2906 |
Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs |
CVE-2022-3080 |
BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly |
CVE-2022-38178 |
Memory leaks in EdDSA DNSSEC verification code |
|
bind9 (1:9.18.1-1ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: Destroying a TLS session early causes assertion
failure
- debian/patches/CVE-2022-1183.patch: fix destroying logic in
lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/tlsstream.c.
- CVE-2022-1183
-- Marc Deslauriers <email address hidden> Tue, 17 May 2022 07:38:24 -0400
|
|
About
-
Send Feedback to @ubuntu_updates