UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package for bind9-utils
  • Transitional package for bind9-dnsutils
Latest version: 1:9.18.12-1ubuntu1.2
Release: lunar (23.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "bind9" in Lunar

Repository Area Version
base main 1:9.18.12-1ubuntu1
base universe 1:9.18.12-1ubuntu1
security main 1:9.18.12-1ubuntu1.2
updates main 1:9.18.18-0ubuntu0.23.04.1
updates universe 1:9.18.18-0ubuntu0.23.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.18.12-1ubuntu1.2 2023-09-20 16:08:43 UTC

  bind9 (1:9.18.12-1ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: DoS via recusive packet parsing
    - debian/patches/CVE-2023-3341.patch: add a max depth check to
      lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
    - CVE-2023-3341
  * SECURITY UPDATE: Dos via DNS-over-TLS queries
    - debian/patches/CVE-2023-4236.patch: check return code in
      lib/isc/netmgr/tlsdns.c.
    - CVE-2023-4236

 -- Marc Deslauriers <email address hidden> Tue, 19 Sep 2023 07:18:28 -0400
Source diff to previous version
CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
CVE-2023-4236 named may terminate unexpectedly under high DNS-over-TLS query load

Version: 1:9.18.12-1ubuntu1.1 2023-06-21 19:07:09 UTC

  bind9 (1:9.18.12-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: Configured cache size limit can be significantly
    exceeded
    - debian/patches/CVE-2023-2828.patch: fix cache expiry in
      lib/dns/rbtdb.c.
    - CVE-2023-2828
  * SECURITY UPDATE: Exceeding the recursive-clients quota may cause named
    to terminate unexpectedly when stale-answer-client-timeout is set to 0
    - debian/patches/CVE-2023-2911.patch: fix refreshing queries in
      lib/ns/query.c.
    - CVE-2023-2911

 -- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 08:24:50 -0400
CVE-2023-2828 named's configured cache size limit can be significantly exceeded
CVE-2023-2911 Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0


About   -   Send Feedback to @ubuntu_updates