lp:ubuntu/hardy-security/bind9
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/bind9
Branch merges
Branch information
Recent revisions
- 38. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via specific combinations of RDATA
- bin/named/query.c: fix logic
- Patch backported from 9.8.3-P4
- CVE-2012-5166 - 37. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via large crafted resource record
- check length in lib/dns/include/ dns/rdata. h,
lib/dns/{master, rdata,rdataslab }.c.
- Patch backported from 9.6-ESV-R7-P3
- CVE-2012-4244 - 36. By Marc Deslauriers
-
* SECURITY UPDATE: ghost domain names attack
- lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
- Patch backported from 9.6-ESV-R6.
- CVE-2012-1033
* SECURITY UPDATE: denial of service via zero length rdata handling
- lib/dns/rdata.c, lib/dns/ rdataslab. c: use sentinel pointer for
duplicate rdata.
- Patch backported from 9.6-ESV-R7-P1.
- CVE-2012-1667 - 35. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via specially crafted packet
- bin/named/query.c, lib/dns/ rbtdb.c: correctly handle cache lookups
that return RRSIG data associated with nonexistent records.
- Patch backported from 9.4-ESV-R5-P1.
- CVE-2011-4313 - 34. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via specially crafted packet
- lib/dns/include/ dns/rdataset. h, lib/dns/ {masterdump, message, ncache,
nsec3,rbtdb,rdataset, resolver, validator} .c: Use an rdataset attribute
flag to indicate negative-cache records rather than using rrtype 0.
- Patch backported from 9.6-ESV-R4-P3.
- CVE-2011-2464 - 33. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via multiple trust anchors for a
single zone
- lib/dns/validator. c: fix arguments to dns_keytable_ findnextkeynode ().
- Upstream change 2869.
- CVE-2010-3762
* SECURITY UPDATE: denial of service via off-by-one
- lib/dns/ncache.c: correctly validate length.
- Patch backported from 9.4-ESV-R4-P1.
- CVE-2011-1910
* Added tests for previous security update to test suite and backport
DNS_DBFIND_ADDITIONALOK so they work. - 32. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via ncache entry and a rrsig for the
same type
- lib/dns/rbtdb.c: properly mark existing RRSIG records as stale.
- CVE-2010-3613
* SECURITY UPDATE: answers incorrectly marked as insecure during key
algorithm rollover
- lib/dns/include/ dns/types. h, lib/dns/ validator. c: improve logic.
- CVE-2010-3614 - 31. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/ dns/types. h,
lib/dns/{resolver. c,validator. c}: further fixes backported from
9.4.3-P5
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/ dns/types. h,
lib/dns/{resolver. c,validator. c}: fixes backported from 9.4.3-P5
- CVE-2010-0097 - 30. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/{include/ dns/types. h,masterdump. c,
rbtdb.c,resolver. c,validator. c}: handle the additional section
properly. lib/dns/api, version: increment versions.
- debian/*: increment to libdns36, add libdns35 metapackage so
upgrade-manager won't hold the bind9 upgrade back.
- CVE-2009-4022
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/bind9