bind9 (1:9.8.1.dfsg.P1-4ubuntu0.32) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
- properly calculate length in lib/dns/spnego.c.
- CVE-2020-8625
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.31) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: A truncated TSIG response can lead to an assertion
failure
- debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
- CVE-2020-8622
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.30) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
performed when processing referrals
- further limit the number of queries that can be triggered from a
request in lib/dns/adb.c, lib/dns/include/dns/adb.h,
lib/dns/resolver.c.
- CVE-2020-8616
* SECURITY UPDATE: A logic error in code which checks TSIG validity can
be used to trigger an assertion failure in tsig.c
- don't allow replaying a TSIG BADTIME response in lib/dns/tsig.c.
- CVE-2020-8617
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.29) precise-security; urgency=medium
* Segfault: 'host' command could die if a UDP query timed out.
commit adec9654d0177df1955a58409ab802106ac61bea at branch v9.8.
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.28) precise-security; urgency=medium
* SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
- debian/patches/CVE-2018-5743.patch: add reference counting in
bin/named/client.c, bin/named/include/named/client.h,
bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
lib/isc/include/isc/quota.h, lib/isc/quota.c,
lib/isc/win32/libisc.def.in.
- debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
operations with isc_refcount reference counting in
bin/named/client.c, bin/named/include/named/interfacemgr.h,
bin/named/interfacemgr.c.
- CVE-2018-5743
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.27) precise-security; urgency=medium
* SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
unsupported key algorithm when using managed-keys
- lib/dns/zone.c: enhance RFC 5011 logging
- lib/dns/include/dst/dst.h, lib/dns/zone.c: properly handle situations
when the key tag cannot be computed.
- CVE-2018-5745
* SECURITY UPDATE: Controls for zone transfers may not be properly
applied to Dynamically Loadable Zones (DLZs) if the zones are writable
- bin/named/xfrout.c: handle zone transfers marked in the zone table as
a DLZ zone.
- CVE-2019-6465
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.26) precise-security; urgency=medium
* SECURITY UPDATE: denial of service crash when deny-answer-aliases
option is used
- lib/dns/resolver.c: explicit DNAME query could trigger a crash if
deny-answer-aliases was set
- Patch backported from 9.9.13-P1.
- CVE-2018-5740
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.25) precise-security; urgency=medium
* SECURITY UPDATE: Assertion failure causing denial of service
- lib/dns/validator.c and adds a couple of tests.
- CVE-2018-5735
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.24) precise-security; urgency=medium
* SECURITY UPDATE: assertion failure via improper cleanup
- lib/dns/resolver.c: fix cleanup handling.
- Patch backported from 9.9.11-P1.
- CVE-2017-3145
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.23) precise-security; urgency=medium
* SECURITY UPDATE: TSIG authentication issues and regression
- fix verification of TSIG signed TCP message sequences where not all
the messages contain TSIG records in lib/dns/tsig.c, added test to
lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c, lib/dns/dnssec.c,
lib/dns/message.c.
- 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
- CVE-2017-3142
- CVE-2017-3143
* Update the built-in managed keys to include the upcoming root KSK in
bind.keys, bin/named/bind.keys.h.
- 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7
Date: 2021-02-26 17:19:10.680808+00:00
Changed-By: Avital Ostromich <avital.ostrom...@canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.32