[ubuntu/noble-proposed] bind9 1:9.18.24-0ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 14 23:02:12 UTC 2024 

bind9 (1:9.18.24-0ubuntu1) noble; urgency=medium

  * Updated to 9.18.21 to fix security issues.
    - Security Fixes:
      + Validating DNS messages containing a lot of DNSSEC signatures could
        cause excessive CPU load, leading to a denial-of-service condition.
        This has been fixed. (CVE-2023-50387)
      + Preparing an NSEC3 closest encloser proof could cause excessive CPU
        load, leading to a denial-of-service condition. This has been
        fixed. (CVE-2023-50868)
      + Parsing DNS messages with many different names could cause
        excessive CPU load. This has been fixed. (CVE-2023-4408)
      + Specific queries could cause named to crash with an assertion
        failure when nxdomain-redirect was enabled. This has been fixed.
        (CVE-2023-5517)
      + A bad interaction between DNS64 and serve-stale could cause named
        to crash with an assertion failure, when both of these features
        were enabled. This has been fixed. (CVE-2023-5679)
      + Under certain circumstances, the DNS-over-TLS client code
        incorrectly attempted to process more than one DNS message at a
        time, which could cause named to crash with an assertion failure.
        This has been fixed.
    - Bug Fixes:
      + The counters exported via the statistics channel were changed back
        to 64-bit signed values; they were being inadvertently truncated to
        unsigned 32-bit values since BIND 9.15.0.
    - See https://bind9.readthedocs.io/en/v9.18.24/notes.html for
      additional information

Date: Wed, 14 Feb 2024 14:31:05 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.24-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 14 Feb 2024 14:31:05 -0500
Source: bind9
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.18.24-0ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 bind9 (1:9.18.24-0ubuntu1) noble; urgency=medium
 .
   * Updated to 9.18.21 to fix security issues.
     - Security Fixes:
       + Validating DNS messages containing a lot of DNSSEC signatures could
         cause excessive CPU load, leading to a denial-of-service condition.
         This has been fixed. (CVE-2023-50387)
       + Preparing an NSEC3 closest encloser proof could cause excessive CPU
         load, leading to a denial-of-service condition. This has been
         fixed. (CVE-2023-50868)
       + Parsing DNS messages with many different names could cause
         excessive CPU load. This has been fixed. (CVE-2023-4408)
       + Specific queries could cause named to crash with an assertion
         failure when nxdomain-redirect was enabled. This has been fixed.
         (CVE-2023-5517)
       + A bad interaction between DNS64 and serve-stale could cause named
         to crash with an assertion failure, when both of these features
         were enabled. This has been fixed. (CVE-2023-5679)
       + Under certain circumstances, the DNS-over-TLS client code
         incorrectly attempted to process more than one DNS message at a
         time, which could cause named to crash with an assertion failure.
         This has been fixed.
     - Bug Fixes:
       + The counters exported via the statistics channel were changed back
         to 64-bit signed values; they were being inadvertently truncated to
         unsigned 32-bit values since BIND 9.15.0.
     - See https://bind9.readthedocs.io/en/v9.18.24/notes.html for
       additional information
Checksums-Sha1:
 a6021d24fa4dc9203d50571f587c9a487f2a36c0 3276 bind9_9.18.24-0ubuntu1.dsc
 e5bfeb64e3d118c5b4e21ae615f2b9c3ea5339ff 5515528 bind9_9.18.24.orig.tar.xz
 34ead0b3e466e37e653ee97dceca59728ea9e5ae 833 bind9_9.18.24.orig.tar.xz.asc
 d5c71107a94b36c6a6acd5da4d6df3d5813c3af9 73340 bind9_9.18.24-0ubuntu1.debian.tar.xz
 888ace86ff16a212ccd0087f75f33aaad3a78b36 8406 bind9_9.18.24-0ubuntu1_source.buildinfo
Checksums-Sha256:
 3d249740d6f5fc60a0cf8d0aab8eb3ff1025221a919a2435b4e0fd846c931067 3276 bind9_9.18.24-0ubuntu1.dsc
 709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66 5515528 bind9_9.18.24.orig.tar.xz
 d69191fd021bd68280077f03f586942cf2027ae7683be08aeb244bc58530e625 833 bind9_9.18.24.orig.tar.xz.asc
 00c39f452e621ef34ab3924c5245b6ba673e2c23ac072346e16e2276679f1b55 73340 bind9_9.18.24-0ubuntu1.debian.tar.xz
 84c329ce30503dcd8693ebab55a06c76bcab03ad65904f5e9ed83087b7fc1517 8406 bind9_9.18.24-0ubuntu1_source.buildinfo
Files:
 17b49a9da9a8d708acf4ee7a1632d284 3276 net optional bind9_9.18.24-0ubuntu1.dsc
 c791cb32069dbfb6d555ee682309ab09 5515528 net optional bind9_9.18.24.orig.tar.xz
 a094ff71451d9362dc38bec2183ebd25 833 net optional bind9_9.18.24.orig.tar.xz.asc
 a0b6f5e8fd9f3ccafa8e7339d398774b 73340 net optional bind9_9.18.24-0ubuntu1.debian.tar.xz
 87ee171f00417fe9b5a7f1bf669518c0 8406 net optional bind9_9.18.24-0ubuntu1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>

More information about the noble-changes mailing list