Ubuntu
bind9 package

DNS rebinding protection is ineffective when BIND is configured as a forwarding DNS server

Bug #1873046 reported by Andreas Hasenack
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
Undecided
Andreas Hasenack

Bug Description

This affects focal which is at 9.16.1 at the moment.

Upstream MP: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3343

Upstream released 9.16.2[1] with the fix, and of course other changes.

1. https://downloads.isc.org/isc/bind9/9.16.2/RELEASE-NOTES-bind-9.16.2.html

See original description

Related branches

~ahasenack/ubuntu/+source/bind9:groovy-bind-9.16.2-merge
Rafael David Tinoco (community): Approve
Canonical Server: Pending requested
Canonical Server Core Reviewers: Pending requested
Diff: 1245 lines (+1064/-14)
11 files modified
debian/NEWS (+24/-0)
debian/bind9-dnsutils.install (+0/-2)
debian/bind9.apport (+24/-0)
debian/changelog (+843/-0)
debian/control (+4/-4)
debian/patches/CVE-2020-8616.patch (+137/-0)
debian/patches/CVE-2020-8617.patch (+27/-0)
debian/patches/series (+2/-0)
debian/rules (+2/-3)
debian/tests/control (+1/-1)
debian/tests/simpletest (+0/-4)
~ahasenack/ubuntu/+source/bind9:focal-bind9-rebinding-protection-fix
Lucas Kanashiro (community): Approve
Diff: 70 lines (+49/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix-rebinding-protection.patch (+41/-0)
debian/patches/series (+1/-0)
Andreas Hasenack (ahasenack)
description: updated
Changed in bind9 (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.16.1-0ubuntu2

---------------
bind9 (1:9.16.1-0ubuntu2) focal; urgency=medium

  * d/p/fix-rebinding-protection.patch: fix rebinding protection bug
    when using forwarder setups (LP: #1873046)

 -- Andreas Hasenack <email address hidden> Wed, 15 Apr 2020 14:59:51 -0300

Changed in bind9 (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
K Kretz (kevinkretz) wrote :

Could you add some information about what particular feature or configuration was rendered ineffective, and what was meant by 'ineffective'?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The original gitlab issue opened to track this is still private it seems[1]. All other details I have are in the MP diff[2].

1. https://gitlab.isc.org/isc-projects/bind9/-/issues/1574
2. https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3343/diffs

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.