lp:ubuntu/wily-proposed/bind9
- Get this branch:
- bzr branch lp:ubuntu/wily-proposed/bind9
Branch merges
Branch information
Recent revisions
- 79. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
via malformed keys
- fix validation inlib/dns/hmac_link. c, lib/dns/ include/ dst/dst. h,
lib/dns/ncache. c, lib/dns/ openssldh_ link.c,
lib/dns/openssldsa_ link.c, lib/dns/ opensslecdsa_ link.c,
lib/dns/opensslrsa_ link.c, lib/dns/resolver.c.
- CVE-2015-5722 - 78. By Michael Gilbert <email address hidden>
-
Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
(closes: #793903). - 77. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in TKEY record query handling
- lib/dns/tkey.c: clear out name before trying the answer section.
- CVE-2015-5477 - 76. By Michael Gilbert <email address hidden>
-
Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
cause the resolver to crash (closes: #791715). - 75. By Marc Deslauriers
-
* SECURITY UPDATE: resolver DoS via specially crafted zone data
- lib/dns/validator. c: don't use uninitialized fixedname.
- CVE-2015-4620 - 74. By Michael Gilbert <email address hidden>
-
Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
affecting setups using DNSSEC (closes: #778733). - 73. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via revoking a managed trust anchor
and supplying an untrusted replacement
- lib/dns/zone.c: avoid crash due to managed-key rollover
- Based on patch supplied by Evan Hunt <email address hidden>
- CVE-2015-1349 - 72. By Michael Gilbert <email address hidden>
-
Launch rndc command in the background in networking scripts to avoid a
hang in named from bringing down the entire network (closes: #760555). - 71. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via delegation handling defect
- limit max recursion in bin/named/config.c, bin/named/query.c,
bin/named/server. c, lib/dns/adb.c, lib/dns/ include/ dns/adb. h,
lib/dns/include/ dns/resolver. h, lib/dns/resolver.c,
lib/export/ isc/Makefile. in, lib/isc/counter.c,
lib/isc/include/ isc/counter. h, lib/isc/ include/ isc/Makefile. in,
lib/isc/include/ isc/types. h, lib/isc/ Makefile. in,
lib/isc/tests/ counter_ test.c, lib/isc/ tests/Makefile. in,
lib/isccfg/ namedconf. c.
- Patch extracted from 9.9.6-P1.
- CVE-2014-8500 - 70. By Michael Gilbert <email address hidden>
-
Include dlz_dlopen.h in libbind-dev (closes: #769117).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/bind9