Package "libdns100"
Name: |
libdns100
|
Description: |
DNS Shared Library used by BIND
|
Latest version: |
1:9.9.5.dfsg-3ubuntu0.19 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Head package: |
bind9 |
Links
Download "libdns100"
Other versions of "libdns100" in Trusty
Changelog
bind9 (1:9.9.5.dfsg-3ubuntu0.14) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of Service due to an error handling
synthesized records when using DNS64 with "break-dnssec yes;"
- bin/named/query.c: reset noqname if query_dns64() called.
- CVE-2017-3136
* SECURITY UPDATE: Denial of Service due to resolver terminating when
processing a response packet containing a CNAME or DNAME
- lib/dns/resolver.c: don't expect a specific
ordering of answer components
- lib/dns/name.c: remove part of assertion that triggers in
dns_name_split() (partial cherrypick of upstream
dc3912f3caac1104fef441fd18571b7a975708ea
- bin/tests/system/dname/ns2/example.db,
bin/tests/system/dname/tests.sh: add testcases.
- CVE-2017-3137
* SECURITY UPDATE: Denial of Service when receiving a null command on
the control channel
- lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
command token is given
- bin/tests/system/rndc/tests.sh: add testcase.
- CVE-2017-3138
-- Steve Beattie <email address hidden> Wed, 12 Apr 2017 09:45:52 -0700
|
Source diff to previous version |
CVE-2017-3136 |
An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" |
CVE-2017-3137 |
A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME |
CVE-2017-3138 |
named exits with a REQUIRE assertion failure if it receives a null command string on its control channel |
|
bind9 (1:9.9.5.dfsg-3ubuntu0.13) trusty-security; urgency=medium
* SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
a NULL pointer
- bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
handle dns64 and rpz combination.
- CVE-2017-3135
* SECURITY UPDATE: regression in CVE-2016-8864
- lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
being cached when it should have been,
- bin/tests/system/dname/ans3/ans.pl,
bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
added tests.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 09:19:14 -0500
|
Source diff to previous version |
CVE-2016-8864 |
A problem handling responses containing a DNAME answer can lead to an assertion failure |
|
bind9 (1:9.9.5.dfsg-3ubuntu0.12) trusty; urgency=medium
* Backport (70_precise_mtime.diff) 18b87b2a58d422fe4d3073540bf89b5a812ed2e5
to trusty. LP: #1553176
-- LaMont Jones <email address hidden> Fri, 03 Feb 2017 13:13:21 -0700
|
Source diff to previous version |
1553176 |
BIND ignores nanoseconds field in timestamps, fails to load newer versions of zones on reload |
|
bind9 (1:9.9.5.dfsg-3ubuntu0.11) trusty-security; urgency=medium
* SECURITY UPDATE: assertion failure via class mismatch
- lib/dns/resolver.c: properly handle certain TKEY records.
- CVE-2016-9131
* SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
- lib/dns/resolver.c: fix logic when records are returned without the
requested data.
- CVE-2016-9147
* SECURITY UPDATE: assertion failure via unusually-formed DS record
- lib/dns/message.c, lib/dns/resolver.c: handle missing RRSIGs.
- CVE-2016-9444
* SECURITY UPDATE: regression in CVE-2016-8864
- lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
added tests to bin/tests/system/dname/ns2/example.db,
bin/tests/system/dname/tests.sh.
- No CVE number
-- Marc Deslauriers <email address hidden> Mon, 09 Jan 2017 09:27:53 -0500
|
Source diff to previous version |
CVE-2016-9131 |
A malformed response to an ANY query can cause an assertion failure during recursion |
CVE-2016-9147 |
An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure |
CVE-2016-9444 |
An unusually-formed DS record response could cause an assertion failure |
CVE-2016-8864 |
A problem handling responses containing a DNAME answer can lead to an assertion failure |
|
bind9 (1:9.9.5.dfsg-3ubuntu0.10) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via responses containing a DNAME
answer
- lib/dns/resolver.c: remove assertion failure.
- patch backported from 9.9.9-P4.
- CVE-2016-8864
-- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 08:57:15 -0400
|
CVE-2016-8864 |
A problem handling responses containing a DNAME answer can lead to an assertion failure |
|
About
-
Send Feedback to @ubuntu_updates