[Bug 1405075] [NEW] Sync bind9 1:9.9.5.dfsg-7 (main) from Debian unstable (main)
Artur Rona
ari-tczew at tlen.pl
Tue Dec 23 07:02:34 UTC 2014
Public bug reported:
Please sync bind9 1:9.9.5.dfsg-7 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service via delegation handling defect
- limit max recursion in bin/named/config.c, bin/named/query.c,
bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
lib/export/isc/Makefile.in, lib/isc/counter.c,
lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
lib/isc/include/isc/types.h, lib/isc/Makefile.in,
lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
lib/isccfg/namedconf.c.
- Patch extracted from 9.9.6-P1.
- CVE-2014-8500
Debian has merged the same changes.
Changelog entries since current vivid version 1:9.9.5.dfsg-6ubuntu1:
bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium
* Fix CVE-2014-8500: limit recursion in order to avoid memory consuption
issues that can lead to denial-of-service (closes: #772610).
-- Michael Gilbert <mgilbert at debian.org> Sun, 14 Dec 2014 05:05:48
+0000
** Affects: bind9 (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: bind9 (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1405075
Title:
Sync bind9 1:9.9.5.dfsg-7 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1405075/+subscriptions
More information about the Ubuntu-server-bugs
mailing list