Univention Bugzilla – Bug 54573
bind9: Multiple issues (5.0)
Last modified: 2022-03-23 14:14:50 CET
New Debian bind9 1:9.11.5.P4+dfsg-5.1+deb10u7A~5.0.1.202203212040 fixes: This update addresses the following issue: * The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick (CVE-2021-25220)
--- mirror/ftp/pool/main/b/bind9/bind9_9.11.5.P4+dfsg-5.1+deb10u6A~5.0.0.202111011209.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/bind9_9.11.5.P4+dfsg-5.1+deb10u7A~5.0.1.202203212040.dsc @@ -1,4 +1,4 @@ -1:9.11.5.P4+dfsg-5.1+deb10u6A~5.0.0.202111011209 [Mon, 01 Nov 2021 12:09:57 +0100] Univention builddaemon <buildd@univention.de>: +1:9.11.5.P4+dfsg-5.1+deb10u7A~5.0.1.202203212040 [Mon, 21 Mar 2022 20:41:18 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Bug-22478-build-bind-with-libdb4.8 @@ -18,6 +18,12 @@ 0016-Bug-46526-Fix-memory-leak 0017-Bug-51786-fix-apparmor-profile +1:9.11.5.P4+dfsg-5.1+deb10u7 [Mon, 14 Mar 2022 15:21:48 +0100] Ondřej Surý <ondrej@debian.org>: + + * CVE-2021-25220: The rules for acceptance of records into the cache + have been tightened to prevent the possibility of poisoning if + forwarders send records outside the configured bailiwick. + 1:9.11.5.P4+dfsg-5.1+deb10u6 [Mon, 25 Oct 2021 13:42:31 +0200] Ondřej Surý <ondrej@debian.org>: * CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This <http://piuparts.knut.univention.de/5.0-1/#5219390717509639471>
OK: yaml OK: announce_errata OK: patch OK: piuparts ucr set dns/backend=ldap systemctl restart bind9.service journalctl -u univention-bind-ldap.service -u bind9.serivce dig @localhost -p 7777 $(dnsdomainname) axfr dig @localhost -p 53 $(dnsdomainname) axfr ucr set dns/backend=samba4 systemctl restart bind9.service journalctl -u bind9.serivce dig @localhost -p 53 $(dnsdomainname) axfr [5.0-1] b16b3c6992 Bug #54573: bind9 1:9.11.5.P4+dfsg-5.1+deb10u7A~5.0.1.202203212040 doc/errata/staging/bind9.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x252>