Univention Bugzilla – Bug 53236
bind9: Multiple issues (4.4)
Last modified: 2021-05-12 13:37:38 CEST
New Debian bind9 1:9.10.3.dfsg.P4-12.3+deb9u9A~4.4.8.202105100950 fixes:

This update addresses the following issues:
* A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly (CVE-2021-25214)
* An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215)
* Vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack (CVE-2021-25216)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/bind9_9.10.3.dfsg.P4-12.3+deb9u8A~4.4.7.202102220936.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/bind9_9.10.3.dfsg.P4-12.3+deb9u9A~4.4.8.202105100950.dsc @@ -1,4 +1,4 @@ -1:9.10.3.dfsg.P4-12.3+deb9u8A~4.4.7.202102220936 [Mon, 22 Feb 2021 09:41:31 +0100] Univention builddaemon <buildd@univention.de>: +1:9.10.3.dfsg.P4-12.3+deb9u9A~4.4.8.202105100950 [Mon, 10 May 2021 10:03:45 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -17,6 +17,18 @@ 0014-Bug-42389-Fix-crash-on-shutdown 0016-Bug-46526-Fix-memory-leak +1:9.10.3.dfsg.P4-12.3+deb9u9 [Mon, 03 May 2021 12:32:54 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-25214: A malformed incoming IXFR transfer could trigger + an assertion failure in ``named``, causing it to quit abnormally. + * CVE-2021-25215: ``named`` crashed when a DNAME record placed in + the ANSWER section during DNAME chasing turned out to be the final + answer to a client query. + * CVE-2021-25216: Compile with system provided SPNEGO + * Ensure all resources are properly cleaned up when a call to + gss_accept_sec_context() fails. + 1:9.10.3.dfsg.P4-12.3+deb9u8 [Fri, 19 Feb 2021 08:37:24 +0000] Chris Lamb <lamby@debian.org>: * CVE-2020-8625: Prevent a buffer overflow attack in the GSSAPI ("Generic <http://piuparts.knut.univention.de/4.4-8/#5038885548604939664>
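Review bot: In the added 1:9.10.3.dfsg.P4-12.3+deb9u9 changelog entry, the CVE-2021-25216 line records only the remedy ("Compile with system provided SPNEGO") and not the defect, while the CVE-2021-25214 and CVE-2021-25215 lines beside it describe the failure; a short description of the issue would keep the three entries consistent. The last bullet, about cleanup when a call to gss_accept_sec_context() fails, carries no CVE or bug reference, so the entry does not show whether it belongs to the CVE-2021-25216 fix or is a separate change; placing it under that CVE or adding a reference would settle that.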
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 06a1d36755 Bug #53236: bind9 1:9.10.3.dfsg.P4-12.3+deb9u9A~4.4.8.202105100950
 doc/errata/staging/bind9.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x970>