[ubuntu/noble-updates] bind9 1:9.18.24-0ubuntu1 (Accepted)
Steve Langasek
steve.langasek at canonical.com
Fri Mar 29 23:04:50 UTC 2024
bind9 (1:9.18.24-0ubuntu1) noble; urgency=medium
* Updated to 9.18.21 to fix security issues.
- Security Fixes:
+ Validating DNS messages containing a lot of DNSSEC signatures could
cause excessive CPU load, leading to a denial-of-service condition.
This has been fixed. (CVE-2023-50387)
+ Preparing an NSEC3 closest encloser proof could cause excessive CPU
load, leading to a denial-of-service condition. This has been
fixed. (CVE-2023-50868)
+ Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408)
+ Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been fixed.
(CVE-2023-5517)
+ A bad interaction between DNS64 and serve-stale could cause named
to crash with an assertion failure, when both of these features
were enabled. This has been fixed. (CVE-2023-5679)
+ Under certain circumstances, the DNS-over-TLS client code
incorrectly attempted to process more than one DNS message at a
time, which could cause named to crash with an assertion failure.
This has been fixed.
- Bug Fixes:
+ The counters exported via the statistics channel were changed back
to 64-bit signed values; they were being inadvertently truncated to
unsigned 32-bit values since BIND 9.15.0.
- See https://bind9.readthedocs.io/en/v9.18.24/notes.html for
additional information
Date: 2024-02-14 23:02:09.333356+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.24-0ubuntu1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list