-
bind9 (1:9.9.5.dfsg-9ubuntu0.5) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via string formatting operations
- lib/dns/rdata/in_1/apl_42.c: use correct length.
- CVE-2015-8704
-- Marc Deslauriers <email address hidden> Mon, 18 Jan 2016 07:55:22 -0500
-
bind9 (1:9.9.5.dfsg-9ubuntu0.4) vivid-security; urgency=medium
* SECURITY UPDATE: REQUIRE failure via incorrect class
- properly handle class in lib/dns/include/dns/message.h,
lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
- CVE-2015-8000
-- Marc Deslauriers <email address hidden> Mon, 14 Dec 2015 13:45:33 -0500
-
bind9 (1:9.9.5.dfsg-9ubuntu0.3) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
via malformed keys
- fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
lib/dns/ncache.c, lib/dns/openssldh_link.c,
lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
- CVE-2015-5722
-- Marc Deslauriers <email address hidden> Tue, 01 Sep 2015 14:00:06 -0400
-
bind9 (1:9.9.5.dfsg-9ubuntu0.2) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service in TKEY record query handling
- lib/dns/tkey.c: clear out name before trying the answer section.
- CVE-2015-5477
-- Marc Deslauriers <email address hidden> Mon, 27 Jul 2015 11:40:15 -0400
-
bind9 (1:9.9.5.dfsg-9ubuntu0.1) vivid-security; urgency=medium
* SECURITY UPDATE: resolver DoS via specially crafted zone data
- lib/dns/validator.c: don't use uninitialized fixedname.
- CVE-2015-4620
-- Marc Deslauriers <email address hidden> Mon, 29 Jun 2015 14:59:12 -0400
-
bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
* Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
affecting setups using DNSSEC (closes: #778733).
-- Michael Gilbert <email address hidden> Thu, 19 Feb 2015 03:42:21 +0000
-
bind9 (1:9.9.5.dfsg-8ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: denial of service via revoking a managed trust anchor
and supplying an untrusted replacement
- lib/dns/zone.c: avoid crash due to managed-key rollover
- Based on patch supplied by Evan Hunt <email address hidden>
- CVE-2015-1349
-- Marc Deslauriers <email address hidden> Wed, 18 Feb 2015 07:35:41 -0500
-
bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium
* Launch rndc command in the background in networking scripts to avoid a
hang in named from bringing down the entire network (closes: #760555).
-- Michael Gilbert <email address hidden> Thu, 01 Jan 2015 17:51:52 +0000
-
bind9 (1:9.9.5.dfsg-6ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: denial of service via delegation handling defect
- limit max recursion in bin/named/config.c, bin/named/query.c,
bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
lib/export/isc/Makefile.in, lib/isc/counter.c,
lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
lib/isc/include/isc/types.h, lib/isc/Makefile.in,
lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
lib/isccfg/namedconf.c.
- Patch extracted from 9.9.6-P1.
- CVE-2014-8500
-- Marc Deslauriers <email address hidden> Tue, 09 Dec 2014 08:20:27 -0500
-
bind9 (1:9.9.5.dfsg-6) unstable; urgency=medium
* Include dlz_dlopen.h in libbind-dev (closes: #769117).
-- Michael Gilbert <email address hidden> Sun, 30 Nov 2014 22:53:50 +0000
-
bind9 (1:9.9.5.dfsg-5) unstable; urgency=medium
* Avoid libnsl dependency on non-linux architectures. Closes: #766430
* Install export libraries to /lib instead of /usr/lib. Closes: #766544
* Add myself to the maintainer team with approval from LaMont and Bdale.
-- Michael Gilbert <email address hidden> Thu, 30 Oct 2014 02:42:17 +0000
-
bind9 (1:9.9.5.dfsg-4.3) unstable; urgency=medium
* Non-maintainer upload.
* Mark critical section as not parallel in the makefile. Closes: #762766
-- Michael Gilbert <email address hidden> Mon, 13 Oct 2014 04:37:55 +0000