Univention Bugzilla – Bug 54002
bind9: Multiple issues (5.0)
Last modified: 2021-11-03 17:01:39 CET
New Debian bind9 1:9.11.5.P4+dfsg-5.1+deb10u6A~5.0.0.202111011209 fixes:
This update addresses the following issue:
* Lame cache can be abused to severely degrade resolver performance (CVE-2021-25219)
--- mirror/ftp/pool/main/b/bind9/bind9_9.11.5.P4+dfsg-5.1+deb10u5A~5.0.0.202105030845.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/bind9_9.11.5.P4+dfsg-5.1+deb10u6A~5.0.0.202111011209.dsc @@ -1,4 +1,4 @@ -1:9.11.5.P4+dfsg-5.1+deb10u5A~5.0.0.202105030845 [Mon, 03 May 2021 08:45:56 +0200] Univention builddaemon <buildd@univention.de>: +1:9.11.5.P4+dfsg-5.1+deb10u6A~5.0.0.202111011209 [Mon, 01 Nov 2021 12:09:57 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -18,6 +18,12 @@ 0016-Bug-46526-Fix-memory-leak 0017-Bug-51786-fix-apparmor-profile +1:9.11.5.P4+dfsg-5.1+deb10u6 [Mon, 25 Oct 2021 13:42:31 +0200] Ondřej Surý <ondrej@debian.org>: + + * CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This + effectively disables the lame server cache, as it could previously be + abused by an attacker to significantly degrade resolver performance. + 1:9.11.5.P4+dfsg-5.1+deb10u5 [Thu, 29 Apr 2021 12:42:26 +0200] Ondřej Surý <ondrej@debian.org>: * CVE-2021-25214: A malformed incoming IXFR transfer could trigger <http://piuparts.knut.univention.de/5.0-0/#3326681213637528807>
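Review bot: The added changelog entry for 1:9.11.5.P4+dfsg-5.1+deb10u6 (second hunk) says the "lame-ttl" option is now forcibly set to 0, but nothing in the visible lines says what happens to an existing configuration that sets a non-zero "lame-ttl". Because the fix works by overriding an administrator-visible option, the erratum text should state that a configured "lame-ttl" value no longer has any effect after this update, so that operators who tuned it are not surprised. The summary line used for the erratum ("Lame cache can be abused to severely degrade resolver performance") names the issue but not this behaviour change; consider adding one sentence for it.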
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-0] 6bb8a3bcfd Bug #54002: bind9 1:9.11.5.P4+dfsg-5.1+deb10u6A~5.0.0.202111011209
 doc/errata/staging/bind9.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x135>