[ubuntu/trusty-security] bind9 1:9.9.5.dfsg-3ubuntu0.14 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Mon Apr 17 17:00:31 UTC 2017
bind9 (1:9.9.5.dfsg-3ubuntu0.14) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of Service due to an error handling
synthesized records when using DNS64 with "break-dnssec yes;"
- bin/named/query.c: reset noqname if query_dns64() called.
- CVE-2017-3136
* SECURITY UPDATE: Denial of Service due to resolver terminating when
processing a response packet containing a CNAME or DNAME
- lib/dns/resolver.c: don't expect a specific
ordering of answer components
- lib/dns/name.c: remove part of assertion that triggers in
dns_name_split() (partial cherrypick of upstream
dc3912f3caac1104fef441fd18571b7a975708ea
- bin/tests/system/dname/ns2/example.db,
bin/tests/system/dname/tests.sh: add testcases.
- CVE-2017-3137
* SECURITY UPDATE: Denial of Service when receiving a null command on
the control channel
- lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
command token is given
- bin/tests/system/rndc/tests.sh: add testcase.
- CVE-2017-3138
Date: 2017-04-13 08:02:15.436548+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list