[Bug 1405075] [NEW] Sync bind9 1:9.9.5.dfsg-7 (main) from Debian unstable (main)
Launchpad Bug Tracker
1405075 at bugs.launchpad.net
Tue Dec 23 07:02:39 UTC 2014
You have been subscribed to a public bug by Artur Rona (ari-tczew):
Please sync bind9 1:9.9.5.dfsg-7 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service via delegation handling defect
- limit max recursion in bin/named/config.c, bin/named/query.c,
bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
lib/export/isc/Makefile.in, lib/isc/counter.c,
lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
lib/isc/include/isc/types.h, lib/isc/Makefile.in,
lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
lib/isccfg/namedconf.c.
- Patch extracted from 9.9.6-P1.
- CVE-2014-8500
Debian has merged the same changes.
Changelog entries since current vivid version 1:9.9.5.dfsg-6ubuntu1:
bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium
* Fix CVE-2014-8500: limit recursion in order to avoid memory consuption
issues that can lead to denial-of-service (closes: #772610).
-- Michael Gilbert <mgilbert at debian.org> Sun, 14 Dec 2014 05:05:48
+0000
** Affects: bind9 (Ubuntu)
Importance: Wishlist
Status: New
--
Sync bind9 1:9.9.5.dfsg-7 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1405075
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list