lp:ubuntu/dapper-updates/bind9

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-updates/bind9

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

16. By Marc Deslauriers

* SECURITY UPDATE: denial of service via ncache entry and a rrsig for the
  same type
  - lib/dns/rbtdb.c: properly mark existing RRSIG records as stale. Also
    required backport of change #1997.
  - CVE-2010-3613
* SECURITY UPDATE: answers incorrectly marked as insecure during key
  algorithm rollover
  - lib/dns/include/dns/types.h, lib/dns/validator.c: improve logic.
  - CVE-2010-3614

15. By Marc Deslauriers

* SECURITY UPDATE: incorrect cache update from additional section
  - bin/named/query.c, lib/dns/include/dns/types.h,
    lib/dns/{resolver.c,validator.c}: further fixes backported from
    9.4.3-P5
  - CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
  - bin/named/query.c, lib/dns/include/dns/types.h,
    lib/dns/{resolver.c,validator.c}: fixes backported from 9.4.3-P5
  - CVE-2010-0097

14. By Marc Deslauriers

* SECURITY UPDATE: incorrect cache update from additional section
  - bin/named/query.c, lib/dns/{include/dns/types.h,masterdump.c,
    rbtdb.c,resolver.c,validator.c}: handle the additional section
    properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns23, add libdns21 metapackage so
    upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

13. By Kees Cook

* SECURITY UPDATE: server can exit on malicious update packet.
  - bin/named/update.c: backported upstream fix.
  - CVE-2009-0696

12. By Jamie Strandboge

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates.
  - update lib/dns/openssldsa_link.c to properly check the return code of
    DSA_do_verify()
  - CVE-2009-0025

11. By LaMont Jones

* SECURITY UPDATE: Randomize UDP query source ports to improve forgery resilience.
* References
  CVE-2008-1447

10. By Kees Cook

* SECURITY UPDATE: query responses could be forged remotely.
* bin/named/client.c, lib/dispatch.c, lib/include/dispatch.h:
  upstream fixes back ported.
* References
  CVE-2007-2926

9. By Kees Cook

* SECURITY UPDATE: remote denial of service.
* lib/dns/include/dns/validator.h, lib/dns/{validator,resolver}.c,
  lib/dns/api: fixes taken from upstream changes between bind 9.3.3 and
  9.3.4, applied inline.
* References
  CVE-2007-0493 CVE-2007-0494

8. By Martin Pitt

* SECURITY UPDATE:
* bin/named/query.c, lib/dns/resolver.c: Apply upstream patch from 9.3.2-P1
  to fix the following flaws:
  - A remote user (DNS server) can send specially crafted RRset responses in
    return to a recursive SIG query to cause the requesting named service to
    crash [CVE-2006-4095].
  - A remote user can also send specially crafted queries to trigger an
    INSIST failure and cause the requesting service(s) to crash
    [CVE-2006-4096].

7. By Matthias Klose

Drop build dependency on g++-3.4 (#292958 was filed for g++-3.3,
fixed in g++-3.4 and up).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/bind9