[ubuntu/resolute-proposed] bind9 1:9.20.11-1ubuntu3 (Accepted)
Simon Chopin
simon.chopin at canonical.com
Fri Oct 24 15:05:30 UTC 2025
bind9 (1:9.20.11-1ubuntu3) resolute; urgency=medium
* SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling
- debian/patches/CVE-2025-8677.patch: count invalid keys as validation
failures in lib/dns/validator.c.
- CVE-2025-8677
* SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs
- debian/patches/CVE-2025-40778.patch: no longer accept DNAME records
or extraneous NS records in the AUTHORITY section unless these are
received via spoofing-resistant transport in doc/arm/reference.rst,
lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.
- CVE-2025-40778
* SECURITY UPDATE: Cache poisoning due to weak PRNG
- debian/patches/CVE-2025-40780.patch: change internal random generator
to a cryptographically secure pseudo-random generator in
configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,
lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,
lib/isc/random.c, tests/isc/random_test.c.
- CVE-2025-40780
Date: 2025-10-23 11:34:13.128212+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Simon Chopin <simon.chopin at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.20.11-1ubuntu3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list