Comment 2 for bug 1896740

Andreas Hasenack (ahasenack) wrote :

9.16.1-0ubuntu2.3 has the patch for 2020-8621:
bind9 (1:9.16.1-0ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: A specially crafted large TCP payload can trigger an
    assertion failure
    - debian/patches/CVE-2020-8620.patch: add extra checks to
      lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/netmgr.c,
      lib/isc/netmgr/tcp.c, lib/isc/netmgr/udp.c.
    - CVE-2020-8620
  * SECURITY UPDATE: Attempting QNAME minimization after forwarding can
    lead to an assertion failure
    - debian/patches/CVE-2020-8621.patch: disable QNAME minimization in
      lib/dns/resolver.c.
    - CVE-2020-8621
...

Maybe this is https://gitlab.isc.org/isc-projects/bind9/-/commit/0a22024c270a38a54f0d51621a046b726df158c0 ? Fixed in Debian too:

bind9 (1:9.16.6-3) unstable; urgency=medium

  [ Ondřej Surý ]
  * Add upstream patches to fix some rare conditions (Closes: #969448)

  [ Bernhard Schmidt ]
  * Set Restart=on-failure in systemd unit

 -- Bernhard Schmidt <email address hidden> Tue, 15 Sep 2020 00:26:14 +0200