-
bind9 (1:9.7.3.dfsg-1ubuntu4.6) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via regex syntax checking
- configure,configure.in,config.h.in: remove check for regex.h to
disable regex syntax checking.
- CVE-2013-2266
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 15:25:23 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu4.5) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via specific combinations of RDATA
- bin/named/query.c: fix logic
- Patch backported from 9.8.3-P4
- CVE-2012-5166
-- Marc Deslauriers <email address hidden> Fri, 05 Oct 2012 09:45:39 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu4.4) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via large crafted resource record
- check length in lib/dns/include/dns/rdata.h,
lib/dns/{master,rdata,rdataslab}.c.
- Patch backported from 9.7.6-P3
- CVE-2012-4244
-- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 16:16:57 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu4.3) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via dnssec validation load
- lib/dns/resolver.c: don't use bad->expire before it has been set.
- Patch backported from 9.7.6-P2.
- CVE-2012-3817
-- Marc Deslauriers <email address hidden> Wed, 25 Jul 2012 16:24:44 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu4.2) oneiric-security; urgency=low
* SECURITY UPDATE: ghost domain names attack
- lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
- Patch backported from 9.7.5.
- CVE-2012-1033
* SECURITY UPDATE: denial of service via zero length rdata handling
- lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
duplicate rdata.
- Patch backported from 9.7.6-P1.
- CVE-2012-1667
-- Marc Deslauriers <email address hidden> Mon, 04 Jun 2012 13:26:07 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu4.1) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via specially crafted packet
- bin/named/query.c,lib/dns/rbtdb.c: correctly handle cache lookups
that return RRSIG data associated with nonexistent records.
- Patch backported from 9.7.4-P1.
- CVE-2011-4313
-- Marc Deslauriers <email address hidden> Wed, 16 Nov 2011 14:22:11 -0500
-
bind9 (1:9.7.3.dfsg-1ubuntu4) oneiric; urgency=low
* debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
-- Martin Pitt <email address hidden> Thu, 14 Jul 2011 15:15:45 +0200
-
bind9 (1:9.7.3.dfsg-1ubuntu3) oneiric; urgency=low
* SECURITY UPDATE: denial of service via specially crafted packet
- lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
flag to indicate negative-cache records rather than using rrtype 0.
- Patch backported from 9.7.3-P3.
- CVE-2011-2464
-- Marc Deslauriers <email address hidden> Tue, 05 Jul 2011 08:33:30 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: denial of service via off-by-one
- lib/dns/ncache.c: correctly validate length.
- Patch backported from 9.7.3-P1.
- CVE-2011-1910
-- Marc Deslauriers <email address hidden> Fri, 27 May 2011 12:50:40 -0400
-
bind9 (1:9.7.3.dfsg-1ubuntu2) natty; urgency=low
* debian/rules, configure, contrib/dlz/config.dlz.in: use
DEB_HOST_MULTIARCH so we can find multiarch libraries and fix FTBFS.
(LP: #745642)
-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2011 10:19:37 -0400