Package "bind9-host"

Name: bind9-host
Description: DNS Lookup Utility
Latest version: 1:9.18.39-0ubuntu0.24.04.3
Release: noble (24.04)
Level: security
Repository: main
Head package: bind9
Homepage: https://www.isc.org/downloads/bind/

Changelog

bind9 (1:9.18.39-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: Excessive NSEC3 iterations cause high CPU load during
    insecure delegation validation
    - debian/patches/CVE-2026-1519-1.patch: add reproducers to bin/tests/*.
    - debian/patches/CVE-2026-1519-2.patch: check iterations in
      isdelegation() in lib/dns/validator.c.
    - debian/patches/CVE-2026-1519-3.patch: don't verify already trusted
      rdatasets in lib/dns/include/dns/types.h, lib/dns/validator.c.
    - debian/patches/CVE-2026-1519-4.patch: check RRset trust in
      validate_neg_rrset() in lib/dns/validator.c.
    - CVE-2026-1519

 -- Marc Deslauriers <email address hidden> Tue, 24 Mar 2026 11:25:46 -0400

CVE-2026-1519: Excessive NSEC3 iterations cause high CPU load during insecure delegation validation

bind9 (1:9.18.39-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling
    - debian/patches/CVE-2025-8677.patch: count invalid keys as validation
      failures in lib/dns/validator.c.
    - CVE-2025-8677
  * SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs
    - debian/patches/CVE-2025-40778.patch: no longer accept DNAME records
      or extraneous NS records in the AUTHORITY section unless these are
      received via spoofing-resistant transport in
      lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2025-40778
  * SECURITY UPDATE: Cache poisoning due to weak PRNG
    - debian/patches/CVE-2025-40780.patch: change internal random generator
      to a cryptographically secure pseudo-random generator in
      lib/isc/include/isc/random.h, lib/isc/random.c,
      tests/isc/random_test.c.
    - CVE-2025-40780

 -- Marc Deslauriers <email address hidden> Tue, 21 Oct 2025 08:33:24 -0400
bind9 (1:9.18.30-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Many records in the additional section cause CPU
    exhaustion
    - debian/patches/CVE-2024-11187.patch: limit the additional processing
      for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,
      lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,
      lib/ns/query.c.
    - CVE-2024-11187
  * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple
    issues under heavy query load
    - debian/patches/CVE-2024-12705.patch: fix flooding issues in
      lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,
      lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,
      lib/isc/netmgr/tlsstream.c.
    - CVE-2024-12705

 -- Marc Deslauriers <email address hidden> Tue, 28 Jan 2025 09:26:30 -0500

CVE-2024-11187: Many records in the additional section cause CPU exhaustion
CVE-2024-12705: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

bind9 (1:9.18.28-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Updated to 9.18.28 to fix multiple security issues.
    - CVE-2024-0760: A flood of DNS messages over TCP may make the server
      unstable
    - CVE-2024-1737: BIND's database will be slow if a very large number of
      RRs exist at the same name
    - CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
    - CVE-2024-4076: Assertion failure when serving both stale cache data
      and authoritative zone content

 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2024 14:16:20 -0400