[ubuntu/resolute-updates] bind9 1:9.20.18-1ubuntu2.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu May 21 19:28:41 UTC 2026


bind9 (1:9.20.18-1ubuntu2.1) resolute-security; urgency=medium

  * SECURITY UPDATE: BIND 9 server memory exhaustion during GSS-API TKEY
    negotiation
    - debian/patches/CVE-2026-3039-pre1.patch: Release gnamebuf also on the
      error path in lib/dns/gssapictx.c.
    - debian/patches/CVE-2026-3039-1.patch: Fix GSS-API context leak in TKEY
      negotiation in lib/dns/gssapictx.c, lib/dns/include/dst/gssapi.h,
      lib/dns/tkey.c.
    - debian/patches/CVE-2026-3039-3.patch: Fix output token and GSS context
      leaks in TKEY/GSS-API error paths in lib/dns/gssapictx.c,
      lib/dns/tkey.c.
    - CVE-2026-3039
  * SECURITY UPDATE: Amplification vulnerabilities via self-pointed glue
    records
    - debian/patches/CVE-2026-3592-1.patch: Limit the number of addresses
      returned per ADB find in bin/named/main.c, lib/dns/adb.c.
    - debian/patches/CVE-2026-3592-2.patch: Remove duplicate addresses from
      the resolver SLIST in lib/dns/resolver.c.
    - debian/patches/CVE-2026-3592-3.patch: Add system test for self-pointed
      glue deduplication in bin/tests/system/selfpointedglue/ns1/named.conf.j2,
      bin/tests/system/selfpointedglue/ns1/root.db,
      bin/tests/system/selfpointedglue/ns2/named.conf.j2,
      bin/tests/system/selfpointedglue/ns2/tld.db,
      bin/tests/system/selfpointedglue/ns3/example.tld.db,
      bin/tests/system/selfpointedglue/ns3/example2.tld.db,
      bin/tests/system/selfpointedglue/ns3/named.conf.j2,
      bin/tests/system/selfpointedglue/ns4/named.args.j2,
      bin/tests/system/selfpointedglue/ns4/named.conf.j2,
      bin/tests/system/selfpointedglue/ns4/root.hint,
      bin/tests/system/selfpointedglue/tests_selfpointedglue.py.
    - debian/patches/CVE-2026-3592-4.patch: Add SRTT-based server selection
      system test in bin/tests/system/srtt/README,
      bin/tests/system/srtt/ans2/ans.py, bin/tests/system/srtt/ans3/ans.py,
      bin/tests/system/srtt/ans4/ans.py, bin/tests/system/srtt/ans5/ans.py,
      bin/tests/system/srtt/ns1/named.conf.j2,
      bin/tests/system/srtt/ns1/root.db, bin/tests/system/srtt/ns6/named.args,
      bin/tests/system/srtt/ns6/named.conf.j2,
      bin/tests/system/srtt/srtt_ans.py, bin/tests/system/srtt/tests_srtt.py.
    - CVE-2026-3592
  * SECURITY UPDATE: Heap use-after-free vulnerability in BIND 9
    DNS-over-HTTPS implementation
    - debian/patches/CVE-2026-3593-1.patch: Add system test for HTTP/2
      SETTINGS frame flood in bin/tests/system/doth/tests_malicious.py.
    - debian/patches/CVE-2026-3593-2.patch: Fix use-after-free in DoH write
      buffer after HTTP/2 send in lib/isc/netmgr/http.c.
    - CVE-2026-3593
  * SECURITY UPDATE: Invalid handling of CLASS != IN
    - debian/patches/CVE-2026-5946-1.patch: Disable recursion for non-IN
      classes in bin/named/server.c, lib/isccfg/check.c.
    - debian/patches/CVE-2026-5946-2.patch: Disable UPDATE and NOTIFY for
      non-IN classes in bin/named/server.c, lib/dns/adb.c,
      lib/ns/client.c, lib/ns/update.c.
    - debian/patches/CVE-2026-5946-3.patch: Validate DNS message CLASS early
      in request processing in bin/tests/system/unknown/tests.sh,
      lib/ns/client.c.
    - debian/patches/CVE-2026-5946-4.patch: Reject meta-classes in UPDATE and
      NOTIFY messages in lib/dns/message.c.
    - debian/patches/CVE-2026-5946-5.patch: Skip "deny-answer-address" for
      non-IN addresses in lib/dns/resolver.c.
    - debian/patches/CVE-2026-5946-6.patch: Test CHAOS view recursion behavior
      in bin/tests/system/checkconf/tests.sh,
      bin/tests/system/checkconf/warn-chaos-recursion.conf,
      bin/tests/system/class/ns1/chaos.db.in,
      bin/tests/system/class/ns1/named.conf.j2,
      bin/tests/system/class/ns2/example.db.in,
      bin/tests/system/class/ns2/localhost.db.in,
      bin/tests/system/class/ns2/named.conf.j2,
      bin/tests/system/class/ns3/named.conf.j2, bin/tests/system/class/setup.sh,
      bin/tests/system/class/tests_class_chaos.py,
      bin/tests/system/isctest/check.py.
    - debian/patches/CVE-2026-5946-7.patch: Test UPDATE behavior in CHAOS and
      other non-IN classes in bin/named/server.c,
      bin/tests/system/class/ns2/localhost.db.in,
      bin/tests/system/class/tests_class_update.py.
    - debian/patches/CVE-2026-5946-8.patch: Test server behavior when sending
      various UPDATE requests in bin/tests/system/class/tests_class_update.py,
      bin/tests/system/nsupdate/setup.sh, bin/tests/system/nsupdate/tests.sh,
      bin/tests/system/packet.pl.
    - debian/patches/CVE-2026-5946-9.patch: Make the RD flag optional in
      isctest.query() in bin/tests/system/isctest/query.py.
    - CVE-2026-5946
  * SECURITY UPDATE: SIG(0) validation during query flood may lead to
    undefined behavior
    - debian/patches/CVE-2026-5947.patch: Fix use-after-free in resolver SIG(0)
      async verification path in lib/dns/resolver.c.
    - CVE-2026-5947
  * SECURITY UPDATE: Unbounded resend loop in BIND 9 resolver
    - debian/patches/CVE-2026-5950-1.patch: Add reproducer for BADCOOKIE
      resend loop in bin/tests/system/resend_loop/ans3/ans.py,
      bin/tests/system/resend_loop/ns4/named.conf.j2,
      bin/tests/system/resend_loop/ns4/root.hint,
      bin/tests/system/resend_loop/tests_resend_loop.py.
    - debian/patches/CVE-2026-5950-2.patch: Refactor incrementing query
      counters in lib/dns/resolver.c.
    - debian/patches/CVE-2026-5950-3.patch: rctx_resend() increment query
      counters in lib/dns/resolver.c.
    - CVE-2026-5950
  * d/p/CVE-2026-1519-1.patch, d/p/CVE-2026-3104-1.patch: disable patches,
    quilt doesn't like patches that create symlinks apparently.

Date: 2026-05-21 13:44:25.002090+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.20.18-1ubuntu2.1