Ubuntu
bind9 package

Change logs for bind9 source package in Wily

Wily (15.10)
Change log

bind9 (1:9.9.5.dfsg-11ubuntu1.3) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service via rndc control channel input
    parsing error
    - properly check data in bin/named/control.c, bin/named/controlconf.c,
      bin/rndc/rndc.c, lib/isccc/cc.c.
    - CVE-2016-1285
  * SECURITY UPDATE: denial of service via resource record signatures
    parsing issue
    - fix improper DNAME handling in lib/dns/resolver.c.
    - CVE-2016-1286

 -- Marc Deslauriers <email address hidden>  Tue, 08 Mar 2016 08:26:39 -0500

bind9 (1:9.9.5.dfsg-11ubuntu1.2) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jan 2016 07:50:57 -0500

bind9 (1:9.9.5.dfsg-11ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

 -- Marc Deslauriers <email address hidden>  Mon, 14 Dec 2015 12:51:53 -0500

bind9 (1:9.9.5.dfsg-11ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
    via malformed keys
    - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
      lib/dns/ncache.c, lib/dns/openssldh_link.c,
      lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
      lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
    - CVE-2015-5722

 -- Marc Deslauriers <email address hidden>  Tue, 01 Sep 2015 13:54:11 -0400

bind9 (1:9.9.5.dfsg-11) unstable; urgency=high

  * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
    (closes: #793903).

 -- Michael Gilbert <email address hidden>  Wed, 29 Jul 2015 23:46:48 +0000

bind9 (1:9.9.5.dfsg-10ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: denial of service in TKEY record query handling
    - lib/dns/tkey.c: clear out name before trying the answer section.
    - CVE-2015-5477

 -- Marc Deslauriers <email address hidden>  Mon, 27 Jul 2015 11:36:40 -0400

bind9 (1:9.9.5.dfsg-10) unstable; urgency=high

  * Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
    cause the resolver to crash (closes: #791715).

 -- Michael Gilbert <email address hidden>  Thu, 09 Jul 2015 00:43:38 +0000

bind9 (1:9.9.5.dfsg-9ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: resolver DoS via specially crafted zone data
    - lib/dns/validator.c: don't use uninitialized fixedname.
    - CVE-2015-4620

 -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 14:56:15 -0400

bind9 (1:9.9.5.dfsg-9) unstable; urgency=high


  * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
    affecting setups using DNSSEC (closes: #778733).

 -- Michael Gilbert <email address hidden>  Thu, 19 Feb 2015 03:42:21 +0000

Ubuntubind9 package

Change logs for bind9 source package in Wily

Ubuntu
bind9 package