[Freeipa] [Bug 2003586] Update Released
The verification of the Stable Release Update for bind9 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.36 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind-dyndb-ldap source package in Focal: New Status in bind9 source package in Focal: New Status in bind-dyndb-ldap source package in Jammy: Fix Committed Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Committed Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.36 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 https://gitlab.isc.org/isc-projects/bind9/-/issues/3128 https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 https://gitlab.isc.org/isc-projects/bind9/-/issues/3184 https://gitlab.isc.org/isc-projects/bind9/-/issues/3205 https://gitlab.isc.org/isc-projects/bind9/-/issues/3244 https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36
This bug was fixed in the package bind9 - 1:9.18.12-0ubuntu0.22.10.1 --- bind9 (1:9.18.12-0ubuntu0.22.10.1) kinetic; urgency=medium * New upstream releases 9.18.5 - 9.18.12 (LP: #2003586) - Updates: + update-quota option + named -V shows supported cryptographic algorithms - Bug Fixes Include: + Fix crash when using dig with +nssearch and +tcp (LP: #1258003) + Fix incomplete results using dig with +nssearch (LP: #1970252) + CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924 + Fix thread safety in dns_dispatch + Fix ADB quota management in resolver + Fix Prohibited DNS error on allow-recursion + Fix crash when restarting server with active statschannel connection + Fix use after free for catalog zone processing + Fix leak of dns_keyfileio_t objects + Fix nslookup failure to use port option when record type ANY is used + Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on + Fix inheritance when setting remote server port + Fix assertion error when accessing statistics channel + Fix rndc dumpdb -expired for stuck cache + Fix check for other name servers after receiving FORMERR + See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12 for additional bug fixes and information * Improve dep-8 test suite (LP: #2003584): - d/t/zonetest: Add dep8 test for checking the domain zone creation process - d/t/control: Add new test outline * d/bind9-doc.docs: Stop installing removed file doc/misc/options.active * d/p/0001-Disable-treat-warnings-as-errors-in-sphinx-build.patch: refresh to apply with version 9.18.8 * Remove CVE patches fixed upstream: - debian/patches/CVE-2022-2795.patch - debian/patches/CVE-2022-2881.patch - debian/patches/CVE-2022-2906.patch - debian/patches/CVE-2022-3080.patch - debian/patches/CVE-2022-38178.patch [Included in upstream release 9.18.7] - debian/patches/CVE-2022-3094.patch - debian/patches/CVE-2022-3736.patch - debian/patches/CVE-2022-3924.patch [Included in upstream release 9.18.11] -- Lena Voytek Wed, 08 Mar 2023 08:49:53 -0700 ** Changed in: bind9 (Ubuntu Kinetic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.36 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind-dyndb-ldap source package in Focal: New Status in bind9 source package in Focal: New Status in bind-dyndb-ldap source package in Jammy: Fix Committed Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Committed Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.36 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36
This bug was fixed in the package bind9 - 1:9.18.12-0ubuntu0.22.04.1 --- bind9 (1:9.18.12-0ubuntu0.22.04.1) jammy; urgency=medium * New upstream releases 9.18.2 - 9.18.12 (LP: #2003586) - Updates: + update-quota option + named -V shows supported cryptographic algorithms + Catalog Zones schema version 2 support in named + DNS error support Stale Answer and Stale NXDOMAIN Answer + Remote TLS certificate verification support + reusereport option - Bug Fixes Include: + Fix crash when using dig with +nssearch and +tcp (LP: #1258003) + Fix incomplete results using dig with +nssearch (LP: #1970252) + Fix loading of preinstalled plugins (LP: #2006972) + CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924, CVE-2022-1183 + Fix thread safety in dns_dispatch + Fix ADB quota management in resolver + Fix Prohibited DNS error on allow-recursion + Fix crash when restarting server with active statschannel connection + Fix use after free for catalog zone processing + Fix leak of dns_keyfileio_t objects + Fix nslookup failure to use port option when record type ANY is used + Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on + Fix inheritance when setting remote server port + Fix assertion error when accessing statistics channel + Fix rndc dumpdb -expired for stuck cache + Fix check for other name servers after receiving FORMERR + Fix deletion of CDS after zone sign + Fix dighost query context management + Fix dig hanging due to IPv4 mapped IPv6 address + See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12 for additional bug fixes and information * Improve dep-8 test suite (LP: #2003584): - d/t/zonetest: Add dep8 test for checking the domain zone creation process - d/t/control: Add new test outline * d/bind9-doc.docs: Stop installing removed file doc/misc/options.active * Remove patches for bugs LP #1964400 and LP #1964686 fixed upstream: - lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv - lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the - lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo - lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh - lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe - lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC - lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error- * Remove CVE patches fixed upstream: - debian/patches/CVE-2022-1183.patch [Included in upstream release 9.18.3] - debian/patches/CVE-2022-2795.patch - debian/patches/CVE-2022-2881.patch - debian/patches/CVE-2022-2906.patch - debian/patches/CVE-2022-3080.patch - debian/patches/CVE-2022-38178.patch [Included in upstream release 9.18.7] - debian/patches/CVE-2022-3094.patch - debian/patches/CVE-2022-3736.patch - debian/patches/CVE-2022-3924.patch [Included in upstream release 9.18.11] -- Lena Voytek Wed, 08 Mar 2023 12:08:55 -0700 ** Changed in: bind9 (Ubuntu Jammy) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1183 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2795 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2881 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2906 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3080 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3094 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3736 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-38178 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3924 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.36 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind-dyndb-ldap source package in Focal: New Status in bind9 source package in Focal: New Status in bind-dyndb-ldap source package in Jammy: Fix Committed Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Committed Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.36 These updates include bug fixes following the SRU policy exception