[ubuntu/plucky-proposed] bind9 1:9.20.0-2ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jan 29 20:18:15 UTC 2025 

bind9 (1:9.20.0-2ubuntu4) plucky; urgency=medium

  * SECURITY UPDATE: Many records in the additional section cause CPU
    exhaustion
    - debian/patches/CVE-2024-11187.patch: limit the additional processing
      for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,
      lib/dns/qpzone.c, lib/dns/rbt-zonedb.c, lib/dns/rdataset.c,
      lib/dns/resolver.c, lib/ns/query.c.
    - CVE-2024-11187
  * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple
    issues under heavy query load
    - debian/patches/CVE-2024-12705.patch: fix flooding issues in
      lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,
      lib/isc/netmgr/proxystream.c, lib/isc/netmgr/streamdns.c,
      lib/isc/netmgr/tcp.c, lib/isc/netmgr/tlsstream.c,
    - CVE-2024-12705

Date: Tue, 28 Jan 2025 09:18:29 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.20.0-2ubuntu4
-------------- next part --------------
Format: 1.8
Date: Tue, 28 Jan 2025 09:18:29 -0500
Source: bind9
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.20.0-2ubuntu4
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 bind9 (1:9.20.0-2ubuntu4) plucky; urgency=medium
 .
   * SECURITY UPDATE: Many records in the additional section cause CPU
     exhaustion
     - debian/patches/CVE-2024-11187.patch: limit the additional processing
       for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,
       lib/dns/qpzone.c, lib/dns/rbt-zonedb.c, lib/dns/rdataset.c,
       lib/dns/resolver.c, lib/ns/query.c.
     - CVE-2024-11187
   * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple
     issues under heavy query load
     - debian/patches/CVE-2024-12705.patch: fix flooding issues in
       lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,
       lib/isc/netmgr/proxystream.c, lib/isc/netmgr/streamdns.c,
       lib/isc/netmgr/tcp.c, lib/isc/netmgr/tlsstream.c,
     - CVE-2024-12705
Checksums-Sha1:
 68d2b54d1f926c3c5e63caf01930d43bf1abe9fe 3192 bind9_9.20.0-2ubuntu4.dsc
 b1fa922005865c45f622aa134b2769d3df6dd178 81980 bind9_9.20.0-2ubuntu4.debian.tar.xz
 70df2c98be2a14ae5331b317a97a66f204767a9f 7663 bind9_9.20.0-2ubuntu4_source.buildinfo
Checksums-Sha256:
 580e234956b9a8ac8e2c6d997d9d30830e981df96523071fc4f33e528f3f3cb2 3192 bind9_9.20.0-2ubuntu4.dsc
 d255b8b9c78e25ee95f13d946577aa0f1a1210c123d213410ff11fd9caa2b710 81980 bind9_9.20.0-2ubuntu4.debian.tar.xz
 2376a90bd41f909a093e09c8345e22d72ade593a497a47a1ec77679d39e4df9a 7663 bind9_9.20.0-2ubuntu4_source.buildinfo
Files:
 3f1e7f726529c5965afbbca3ba90a510 3192 net optional bind9_9.20.0-2ubuntu4.dsc
 286345d3e201506091cf759b87a9f1f3 81980 net optional bind9_9.20.0-2ubuntu4.debian.tar.xz
 208ac4b3defd01e9b7dc4614afe46613 7663 net optional bind9_9.20.0-2ubuntu4_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>

More information about the plucky-changes mailing list