bind9 (1:9.8.1.dfsg.P1-4ubuntu0.32) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
    - properly calculate length in lib/dns/spnego.c.
    - CVE-2020-8625

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.31) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.30) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.29) precise-security; urgency=medium

  * Segfault: 'host' command could die if a UDP query timed out.
    commit adec9654d0177df1955a58409ab802106ac61bea at branch v9.8.

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.28) precise-security; urgency=medium

  * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
    - debian/patches/CVE-2018-5743.patch: add reference counting in
      bin/named/client.c, bin/named/include/named/client.h,
      bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
      lib/isc/include/isc/quota.h, lib/isc/quota.c,
      lib/isc/win32/libisc.def.in.
    - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
      operations with isc_refcount reference counting in
      bin/named/client.c, bin/named/include/named/interfacemgr.h,
      bin/named/interfacemgr.c.
    - CVE-2018-5743

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.27) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
    unsupported key algorithm when using managed-keys
    - lib/dns/zone.c: enhance rfc 5011 logging
    - lib/dns/include/dst/dst.h, lib/dns/zone.c: properly handle situations
      when the key tag cannot be computed.
    - CVE-2018-5745
  * SECURITY UPDATE: Controls for zone transfers may not be properly
    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
    - bin/named/xfrout.c: handle zone transfers marked in the zone table as
      a DLZ zone.
    - CVE-2019-6465

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.26) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - lib/dns/resolver.c: explicit DNAME query could trigger a crash if
      deny-answer-aliases was set
    - Patch backported from 9.9.13-P1.
    - CVE-2018-5740

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.25) precise-security; urgency=medium

  * SECURITY UPDATE: Assertion failure causing denial of service
    - lib/dns/validator.c and adds a couple of tests.
    - CVE-2018-5735

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.24) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - lib/dns/resolver.c: fix cleanup handling.
    - Patch backported from 9.9.11-P1.
    - CVE-2017-3145

bind9 (1:9.8.1.dfsg.P1-4ubuntu0.23) precise-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues and regression
    - fix verification of TSIG signed TCP message sequences where not all
      the messages contain TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c, lib/dns/dnssec.c,
      lib/dns/message.c.
    - 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
    - CVE-2017-3142
    - CVE-2017-3143
  * Update the built in managed keys to include the upcoming root KSK in
    bind.keys, bin/named/bind.keys.h.
    - 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7

Date: 2021-02-26 17:19:10.680808+00:00
Changed-By: Avital Ostromich <avital.ostrom...@canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.32
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to