Created by James Westby on 2010-12-01 and last modified on 2014-12-09
Get this branch:
bzr branch lp:ubuntu/lucid-security/bind9
Members of Ubuntu branches can upload to this branch.

Branch information

Ubuntu branches
Review team: Ubuntu Development Team

Recent revisions

32. By Marc Deslauriers on 2014-12-09

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
  - Based on patch provided by upstream.
  - CVE-2014-8500

31. By Marc Deslauriers on 2014-01-10

* SECURITY UPDATE: denial of service when processing NSEC3-signed zone
  - debian/patches/CVE-2014-0591.patch: don't call memcpy with
    overlapping ranges in bin/named/query.c.
  - patch backported from 9.8.6-P2.
  - CVE-2014-0591

30. By Marc Deslauriers on 2013-07-26

* SECURITY UPDATE: denial of service via incorrect bounds checking on
  private type 'keydata'
  - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
  - Patch backported from 9.8.5-P2
  - CVE-2013-4854

29. By Marc Deslauriers on 2013-03-28

* SECURITY UPDATE: denial of service via regex syntax checking
  - configure,configure.in,config.h.in: remove check for regex.h to
    disable regex syntax checking.
  - CVE-2013-2266

28. By Marc Deslauriers on 2012-10-05

* SECURITY UPDATE: denial of service via specific combinations of RDATA
  - bin/named/query.c: fix logic
  - Patch backported from 9.8.3-P4
  - CVE-2012-5166

27. By Marc Deslauriers on 2012-09-13

* SECURITY UPDATE: denial of service via large crafted resource record
  - check length in lib/dns/include/dns/rdata.h,
  - Patch backported from 9.7.6-P3
  - CVE-2012-4244

26. By Marc Deslauriers on 2012-07-25

* SECURITY UPDATE: denial of service via dnssec validation load
  - lib/dns/resolver.c: don't use bad->expire before it has been set.
  - Patch backported from 9.7.6-P2.
  - CVE-2012-3817

25. By Marc Deslauriers on 2012-06-04

* SECURITY UPDATE: ghost domain names attack
  - lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
    of the old NS RRset when replacing it.
  - Patch backported from 9.7.5.
  - CVE-2012-1033
* SECURITY UPDATE: denial of service via zero length rdata handling
  - lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
    duplicate rdata.
  - Patch backported from 9.7.6-P1.
  - CVE-2012-1667

24. By Marc Deslauriers on 2011-11-16

* SECURITY UPDATE: denial of service via specially crafted packet
  - bin/named/query.c,lib/dns/rbtdb.c: correctly handle cache lookups
    that return RRSIG data associated with nonexistent records.
  - Patch backported from 9.7.4-P1.
  - CVE-2011-4313

23. By Marc Deslauriers on 2011-07-05

* SECURITY UPDATE: denial of service via specially crafted packet
  - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
    nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
    flag to indicate negative-cache records rather than using rrtype 0.
  - Patch backported from 9.7.3-P3.
  - CVE-2011-2464

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: