Change logs for bind9 source package in Wily

  • bind9 (1:9.9.5.dfsg-11ubuntu1.3) wily-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via rndc control channel input
        parsing error
        - properly check data in bin/named/control.c, bin/named/controlconf.c,
          bin/rndc/rndc.c, lib/isccc/cc.c.
        - CVE-2016-1285
      * SECURITY UPDATE: denial of service via resource record signatures
        parsing issue
        - fix improper DNAME handling in lib/dns/resolver.c.
        - CVE-2016-1286
    
     -- Marc Deslauriers <email address hidden>  Tue, 08 Mar 2016 08:26:39 -0500
  • bind9 (1:9.9.5.dfsg-11ubuntu1.2) wily-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via string formatting operations
        - lib/dns/rdata/in_1/apl_42.c: use correct length.
        - CVE-2015-8704
    
     -- Marc Deslauriers <email address hidden>  Mon, 18 Jan 2016 07:50:57 -0500
  • bind9 (1:9.9.5.dfsg-11ubuntu1.1) wily-security; urgency=medium
    
      * SECURITY UPDATE: REQUIRE failure via incorrect class
        - properly handle class in lib/dns/include/dns/message.h,
          lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
        - CVE-2015-8000
    
     -- Marc Deslauriers <email address hidden>  Mon, 14 Dec 2015 12:51:53 -0500
  • bind9 (1:9.9.5.dfsg-11ubuntu1) wily; urgency=medium
    
      * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
        via malformed keys
        - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
          lib/dns/ncache.c, lib/dns/openssldh_link.c,
          lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
          lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
        - CVE-2015-5722
    
     -- Marc Deslauriers <email address hidden>  Tue, 01 Sep 2015 13:54:11 -0400
  • bind9 (1:9.9.5.dfsg-11) unstable; urgency=high
    
      * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
        (closes: #793903).
    
     -- Michael Gilbert <email address hidden>  Wed, 29 Jul 2015 23:46:48 +0000
  • bind9 (1:9.9.5.dfsg-10ubuntu1) wily; urgency=medium
    
      * SECURITY UPDATE: denial of service in TKEY record query handling
        - lib/dns/tkey.c: clear out name before trying the answer section.
        - CVE-2015-5477
    
     -- Marc Deslauriers <email address hidden>  Mon, 27 Jul 2015 11:36:40 -0400
  • bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
    
      * Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
        cause the resolver to crash (closes: #791715).
    
     -- Michael Gilbert <email address hidden>  Thu, 09 Jul 2015 00:43:38 +0000
  • bind9 (1:9.9.5.dfsg-9ubuntu1) wily; urgency=medium
    
      * SECURITY UPDATE: resolver DoS via specially crafted zone data
        - lib/dns/validator.c: don't use uninitialized fixedname.
        - CVE-2015-4620
    
     -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 14:56:15 -0400
  • bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
    
    
      * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
        affecting setups using DNSSEC (closes: #778733).
    
     -- Michael Gilbert <email address hidden>  Thu, 19 Feb 2015 03:42:21 +0000