9.16.1-0ubuntu2.3 has the patch for 2020-8621:
bind9 (1:9.16.1-0ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: A specially crafted large TCP payload can trigger an
assertion failure
- debian/patches/CVE-2020-8620.patch: add extra checks to
lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/netmgr.c,
lib/isc/netmgr/tcp.c, lib/isc/netmgr/udp.c.
- CVE-2020-8620
* SECURITY UPDATE: Attempting QNAME minimization after forwarding can
lead to an assertion failure
- debian/patches/CVE-2020-8621.patch: disable QNAME minimization in
lib/dns/resolver.c.
- CVE-2020-8621
...
Maybe this is https://gitlab.isc.org/isc-
projects/bind9/-/commit/0a22024c270a38a54f0d51621a046b726df158c0 ? Fixed
in debian too:
bind9 (1:9.16.6-3) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patches to fix some rare conditions (Closes: #969448)
[ Bernhard Schmidt ]
* Set Restart=on-failure in systemd unit
-- Bernhard Schmidt <[email protected]> Tue, 15 Sep 2020 00:26:14 +0200
** Bug watch added: Debian Bug tracker #969448
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969448
** Also affects: bind9 (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969448
Importance: Unknown
Status: Unknown
** No longer affects: bind9 (Debian)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8620
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1896740
Title:
BIND crashes with failed assertion
INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain))
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1896740/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
