[ubuntu/mantic-updates] bind9 1:9.18.24-0ubuntu0.23.10.1 (Accepted)
Robie Basak
robie.basak at canonical.com
Wed Jun 5 09:09:59 UTC 2024
bind9 (1:9.18.24-0ubuntu0.23.10.1) mantic; urgency=medium
* New upstream version 9.18.24 (LP: #2040459)
- Updates:
+ Mark use of AES as the DNS COOKIE algorithm as depricated.
+ Mark resolver-nonbackoff-tries and resolver-retry-interval statements
as depricated.
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
2801:1b8:10::b.
+ Mark dnssec-must-be-secure option as deprecated.
+ Honor nsupdate -v option for SOA queries by sending both the UPDATE
request and the initial query over TCP.
+ Reduce memory consumption through dedicated jemalloc memory arenas.
- Bug fixes:
+ Fix accidental truncation to 32 bit of statistics channel counters.
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritive data into account when looking up stale data
from the cache.
+ Fix assertion failure when lock-file used at the same time as named -X.
+ Fix lockfile removal issue when starting named 3+ times.
+ Fix validation of If-Modified-Since header in statistics channel for
its length.
+ Add Content-Length header bounds check to avoid integer overflow.
+ Fix memory leaks from OpenSSL error stack.
+ Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs UPDATE policies.
+ Fix accidental disable of stale-refresh-time feature on rndc flush.
+ Fix possible DNS message corruption from partial writes in TLS DNS.
- See https://bind9.readthedocs.io/en/v9.18.24/notes.html for additional
information.
* Remove CVE patches fixed upstream:
- CVE-2023-3341.patch
- CVE-2023-4236.patch
[ Fixed in 9.18.19 ]
- 0001-CVE-2023-4408.patch
- 0002-CVE-2023-5517.patch
- 0003-CVE-2023-5679.patch
- 0004-CVE-2023-50387-CVE-2023-50868.patch
[ Fixed in 9.18.24 ]
* d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
standard library stdatomic.h.
Date: 2024-04-16 21:45:10.835951+00:00
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Signed-By: Robie Basak <robie.basak at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.24-0ubuntu0.23.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list