[ubuntu/questing-updates] bind9 1:9.20.11-1ubuntu2.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Mar 25 17:59:08 UTC 2026 

bind9 (1:9.20.11-1ubuntu2.2) questing-security; urgency=medium

  * SECURITY UPDATE: Excessive NSEC3 iterations cause high CPU load during
    insecure delegation validation
    - debian/patches/CVE-2026-1519-1.patch: add reproducers to bin/tests/*.
    - debian/patches/CVE-2026-1519-2.patch: check iterations in
      isdelegation() in lib/dns/validator.c.
    - debian/patches/CVE-2026-1519-3.patch: don't verify already trusted
      rdatasets in lib/dns/include/dns/types.h, lib/dns/validator.c.
    - debian/patches/CVE-2026-1519-4.patch: combine validator_log and
      marksecure in lib/dns/validator.c.
    - debian/patches/CVE-2026-1519-5.patch: check RRset trust in
      validate_neg_rrset() in lib/dns/validator.c.
    - CVE-2026-1519
  * SECURITY UPDATE: Memory leak in code preparing DNSSEC proofs of
    non-existence
    - debian/patches/CVE-2026-3104-1.patch: add tests to bin/tests/*.
    - debian/patches/CVE-2026-3104-2.patch: fix memory leak in QPcache
      addnoqname/addclosest mechanism in lib/dns/qpcache.c,
      lib/dns/rbtdb.c.
    - CVE-2026-3104
  * SECURITY UPDATE: Authenticated query containing a TKEY record may cause
    named to terminate unexpectedly
    - debian/patches/CVE-2026-3119-1.patch: add tests to bin/tests/*.
    - debian/patches/CVE-2026-3119-2.patch: fix a bug in
      dns_tkey_processquery() in lib/dns/tkey.c.
    - CVE-2026-3119
  * SECURITY UPDATE: A stack use-after-return flaw in SIG(0) handling code
    may enable ACL bypass
    - debian/patches/CVE-2026-3591-1.patch: add tests to bin/tests/*.
    - debian/patches/CVE-2026-3591-2.patch: fix stack Use-After-Return in
      SIG(0) handling in bin/named/server.c.
    - CVE-2026-3591

Date: 2026-03-24 16:45:15.632665+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.20.11-1ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Questing-changes mailing list