bind9 (1:9.9.5.dfsg-3ubuntu0.14) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of Service due to an error handling
synthesized records when using DNS64 with "break-dnssec yes;"
- bin/named/query.c: reset noqname if query_dns64() called.
- CVE-2017-3136
* SECURITY UPDATE: Denial of Service due to resolver terminating when
processing a response packet containing a CNAME or DNAME
- lib/dns/resolver.c: don't expect a specific
ordering of answer components
- lib/dns/name.c: remove part of assertion that triggers in
dns_name_split() (partial cherrypick of upstream
dc3912f3caac1104fef441fd18571b7a975708ea
- bin/tests/system/dname/ns2/example.db,
bin/tests/system/dname/tests.sh: add testcases.
- CVE-2017-3137
* SECURITY UPDATE: Denial of Service when receiving a null command on
the control channel
- lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
command token is given
- bin/tests/system/rndc/tests.sh: add testcase.
- CVE-2017-3138
Date: 2017-04-13 08:02:15.436548+00:00
Changed-By: Steve Beattie <[email protected]>
https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.14
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes