New Debian bind9 1:9.9.5.dfsg-9+deb8u16A~4.2.4.201809041803 fixes: This update addresses the following issue(s): * * processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/bind9_9.9.5.dfsg-9+deb8u15A~4.2.3.201802061643.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/bind9_9.9.5.dfsg-9+deb8u16A~4.2.4.201809041803.dsc @@ -1,4 +1,4 @@ -1:9.9.5.dfsg-9+deb8u15A~4.2.3.201802061643 [Wed, 07 Feb 2018 13:59:01 +0100] Univention builddaemon <buildd@univention.de>: +1:9.9.5.dfsg-9+deb8u16A~4.2.4.201809041803 [Tue, 04 Sep 2018 18:03:57 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -16,6 +16,13 @@ 0013-Bug-28748-Default-LDAP-timeout-60s 0014-Bug-42389-Fix-crash-on-shutdown +1:9.9.5.dfsg-9+deb8u16 [Wed, 28 Aug 2018 18:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-5740 + The "deny-answer-aliases" feature in BIND has a flaw which can + cause named to exit with an assertion failure. + 1:9.9.5.dfsg-9+deb8u15 [Mon, 15 Jan 2018 22:58:53 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.2-4/#226634439248373703>
The upstream package has been imported and UCS patches have been merged automatically from 4.2-0-0-ucs/1:9.9.5.dfsg-9+deb8u15-errata4.2-3 to 4.2-0-0-ucs/1:9.9.5.dfsg-9+deb8u16-errata4.2-4 The package has been built for i386 and amd64. The piuparts result and advisory look ok.
<http://errata.software-univention.de/ucs/4.2/501.html>