[ubuntu/plucky-updates] bind9 1:9.20.11-0ubuntu0.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Oct 22 20:29:14 UTC 2025


bind9 (1:9.20.11-0ubuntu0.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling
    - debian/patches/CVE-2025-8677.patch: count invalid keys as validation
      failures in lib/dns/validator.c.
    - CVE-2025-8677
  * SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs
    - debian/patches/CVE-2025-40778.patch: no longer accept DNAME records
      or extraneous NS records in the AUTHORITY section unless these are
      received via spoofing-resistant transport in doc/arm/reference.rst,
      lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2025-40778
  * SECURITY UPDATE: Cache poisoning due to weak PRNG
    - debian/patches/CVE-2025-40780.patch: change internal random generator
      to a cryptographically secure pseudo-random generator in
      configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,
      lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,
      lib/isc/random.c, tests/isc/random_test.c.
    - CVE-2025-40780

Date: 2025-10-21 14:08:13.105970+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.20.11-0ubuntu0.2