Univention Bugzilla – Bug 54026
bind9: Multiple issues (4.4)
Last modified: 2021-11-03 16:43:49 CET
New Debian bind9 1:9.10.3.dfsg.P4-12.3+deb9u10A~4.4.8.202111030617 fixes:

This update addresses the following issues:
* processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)
* Lame cache can be abused to severely degrade resolver performance (CVE-2021-25219)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/bind9_9.10.3.dfsg.P4-12.3+deb9u9A~4.4.8.202105100950.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/bind9_9.10.3.dfsg.P4-12.3+deb9u10A~4.4.8.202111030617.dsc @@ -1,4 +1,4 @@ -1:9.10.3.dfsg.P4-12.3+deb9u9A~4.4.8.202105100950 [Mon, 10 May 2021 10:03:45 +0200] Univention builddaemon <buildd@univention.de>: +1:9.10.3.dfsg.P4-12.3+deb9u10A~4.4.8.202111030617 [Wed, 03 Nov 2021 06:24:45 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -17,6 +17,22 @@ 0014-Bug-42389-Fix-crash-on-shutdown 0016-Bug-46526-Fix-memory-leak +1:9.10.3.dfsg.P4-12.3+deb9u10 [Tue, 02 Nov 2021 00:05:57 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2021-25219: + In BIND exploitation of broken authoritative servers using a flaw in + response processing can cause degradation in BIND resolver performance. The + way the lame cache is currently designed makes it possible for its internal + data structures to grow almost infinitely, which may cause significant + delays in client query processing. + * Fix CVE-2018-5740: + "deny-answer-aliases" is a little-used feature intended to help recursive + server operators protect end users against DNS rebinding attacks, a + potential method of circumventing the security model used by client + browsers. However, a defect in this feature makes it easy, when the feature + is in use, to experience an assertion failure in name.c. + 1:9.10.3.dfsg.P4-12.3+deb9u9 [Mon, 03 May 2021 12:32:54 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-8/#8566251427853356754>
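Review bot: The +deb9u10 changelog entry added in the second hunk describes CVE-2021-25219 and CVE-2018-5740 in prose only and names neither the patch files nor an upstream reference for either fix, whereas the Univention patches in the surrounding context are listed by file name (0014-Bug-42389-Fix-crash-on-shutdown, 0016-Bug-46526-Fix-memory-leak). Recording the patch names for the two CVE fixes would let a reviewer confirm that they apply cleanly alongside the local patch series, which the changed lines alone do not show. In the first hunk only the version string and build timestamp change, so the entry gives no indication that the local patches were re-checked against the new Debian source.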
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] ed2b4ab11c Bug #54026: bind9 1:9.10.3.dfsg.P4-12.3+deb9u10A~4.4.8.202111030617
 doc/errata/staging/bind9.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-8] 9096fdb581 Bug #54026: bind9 1:9.10.3.dfsg.P4-12.3+deb9u10A~4.4.8.202111030617
 doc/errata/staging/bind9.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1078>