[ubuntu/kinetic-security] bind9 1:9.18.12-0ubuntu0.22.10.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 21 17:06:18 UTC 2023
bind9 (1:9.18.12-0ubuntu0.22.10.2) kinetic-security; urgency=medium
* SECURITY UPDATE: Configured cache size limit can be significantly
exceeded
- debian/patches/CVE-2023-2828.patch: fix cache expiry in
lib/dns/rbtdb.c.
- CVE-2023-2828
* SECURITY UPDATE: Exceeding the recursive-clients quota may cause named
to terminate unexpectedly when stale-answer-client-timeout is set to 0
- debian/patches/CVE-2023-2911.patch: fix refreshing queries in
lib/ns/query.c.
- CVE-2023-2911
bind9 (1:9.18.12-0ubuntu0.22.10.1) kinetic; urgency=medium
* New upstream releases 9.18.5 - 9.18.12 (LP: #2003586)
- Updates:
+ update-quota option
+ named -V shows supported cryptographic algorithms
- Bug Fixes Include:
+ Fix crash when using dig with +nssearch and +tcp (LP: #1258003)
+ Fix incomplete results using dig with +nssearch (LP: #1970252)
+ CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080,
CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924
+ Fix thread safety in dns_dispatch
+ Fix ADB quota management in resolver
+ Fix Prohibited DNS error on allow-recursion
+ Fix crash when restarting server with active statschannel connection
+ Fix use after free for catalog zone processing
+ Fix leak of dns_keyfileio_t objects
+ Fix nslookup failure to use port option when record type ANY is used
+ Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on
+ Fix inheritance when setting remote server port
+ Fix assertion error when accessing statistics channel
+ Fix rndc dumpdb -expired for stuck cache
+ Fix check for other name servers after receiving FORMERR
+ See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
for additional bug fixes and information
* Improve dep-8 test suite (LP: #2003584):
- d/t/zonetest: Add dep8 test for checking the domain zone creation process
- d/t/control: Add new test outline
* d/bind9-doc.docs: Stop installing removed file doc/misc/options.active
* d/p/0001-Disable-treat-warnings-as-errors-in-sphinx-build.patch: refresh to
apply with version 9.18.8
* Remove CVE patches fixed upstream:
- debian/patches/CVE-2022-2795.patch
- debian/patches/CVE-2022-2881.patch
- debian/patches/CVE-2022-2906.patch
- debian/patches/CVE-2022-3080.patch
- debian/patches/CVE-2022-38178.patch
[Included in upstream release 9.18.7]
- debian/patches/CVE-2022-3094.patch
- debian/patches/CVE-2022-3736.patch
- debian/patches/CVE-2022-3924.patch
[Included in upstream release 9.18.11]
Date: 2023-06-20 14:20:12.630358+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.12-0ubuntu0.22.10.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list