[ubuntu/mantic-updates] bind9 1:9.18.24-0ubuntu0.23.10.1 (Accepted)

Robie Basak robie.basak at canonical.com
Wed Jun 5 09:09:59 UTC 2024


bind9 (1:9.18.24-0ubuntu0.23.10.1) mantic; urgency=medium

  * New upstream version 9.18.24 (LP: #2040459)
    - Updates:
      + Mark use of AES as the DNS COOKIE algorithm as depricated.
      + Mark resolver-nonbackoff-tries and resolver-retry-interval statements
        as depricated.
      + Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
        2801:1b8:10::b.
      + Mark dnssec-must-be-secure option as deprecated.
      + Honor nsupdate -v option for SOA queries by sending both the UPDATE
        request and the initial query over TCP.
      + Reduce memory consumption through dedicated jemalloc memory arenas.
    - Bug fixes:
      + Fix accidental truncation to 32 bit of statistics channel counters.
      + Do not schedule unsigned versions of inline-signed zones containing
        DNSSEC records for resigning.
      + Take local authoritive data into account when looking up stale data
        from the cache.
      + Fix assertion failure when lock-file used at the same time as named -X.
      + Fix lockfile removal issue when starting named 3+ times.
      + Fix validation of If-Modified-Since header in statistics channel for
        its length.
      + Add Content-Length header bounds check to avoid integer overflow.
      + Fix memory leaks from OpenSSL error stack.
      + Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs
        and ms-subdomain-self-rhs UPDATE policies.
      + Fix accidental disable of stale-refresh-time feature on rndc flush.
      + Fix possible DNS message corruption from partial writes in TLS DNS.
    - See https://bind9.readthedocs.io/en/v9.18.24/notes.html for additional
      information.
  * Remove CVE patches fixed upstream:
    - CVE-2023-3341.patch
    - CVE-2023-4236.patch
    [ Fixed in 9.18.19 ]
    - 0001-CVE-2023-4408.patch
    - 0002-CVE-2023-5517.patch
    - 0003-CVE-2023-5679.patch
    - 0004-CVE-2023-50387-CVE-2023-50868.patch
    [ Fixed in 9.18.24 ]
  * d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
    standard library stdatomic.h.

Date: 2024-04-16 21:45:10.835951+00:00
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Signed-By: Robie Basak <robie.basak at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.24-0ubuntu0.23.10.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the mantic-changes mailing list