Ubuntu
bind9 package

lp://staging/ubuntu/trusty-security/bind9

  1. Trusty (14.04)
  2. trusty-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/trusty-security/bind9
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

69. By Marc Deslauriers

* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
  via malformed keys
  - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
    lib/dns/ncache.c, lib/dns/openssldh_link.c,
    lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
    lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
  - CVE-2015-5722

68. By Marc Deslauriers

* SECURITY UPDATE: denial of service in TKEY record query handling
  - lib/dns/tkey.c: clear out name before trying the answer section.
  - CVE-2015-5477

67. By Marc Deslauriers

* SECURITY UPDATE: resolver DoS via specially crafted zone data
  - lib/dns/validator.c: don't use uninitialized fixedname.
  - CVE-2015-4620

66. By Marc Deslauriers

* SECURITY UPDATE: denial of service via revoking a managed trust anchor
  and supplying an untrusted replacement
  - lib/dns/zone.c: avoid crash due to managed-key rollover
  - Based on patch supplied by Evan Hunt <email address hidden>
  - CVE-2015-1349

65. By Marc Deslauriers

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/Makefile.in,
    lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
    lib/isccfg/namedconf.c.
  - Patch extracted from 9.9.6-P1.
  - CVE-2014-8500

64. By LaMont Jones

Re-enable rrl (now a configure option). Closes: #741059 LP: #1288823

63. By LaMont Jones

* merge in ubuntu 1:9.9.3.dfsg.P2-4ubuntu3
* move dnssec-coverage to bind9utils. Closes: #739994
* dnssec-{checkds,verify} manpages in wrong package. Closes: #739995

62. By LaMont Jones

[Peter Marschall]

* If rndc.conf exists, skip creation of rndc.key. Closes: #620394

[Al Tarakanoff]

* properly quote check of pid in bind9 init.d. LP: #1092243

[LaMont Jones]

* include distro and package version in version string
* apparmor: allow GeoIP data file access. LP: #834901
* enable filter-aaaa. Closes: #701704 LP: #1115168

61. By LaMont Jones

[Michael Stapelberg]

* add systemd service file. Closes: #718212

[LaMont Jones]

* deliver more dnssec-* tools in bind9utils. Closes: #713026
* support parallel=N DEB_BUILD_OPTIONS, fix -j build. Closes: #713025
* deliver rrl.h and stat.h Closes: #692483, #720813

60. By LaMont Jones

* ack NMUs of 9.8.4
  - upstream 9.9.3-P2 fixes: CVE-2013-4854, CVE-2012-5689,
    CVE-2013-2266
  - deliver rrl.h

[LaMont Jones]

* Use ISC's bin/tests
* Diff cleanup and rationalization to 9.9.3 upstream

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/vivid/bind9
This branch contains Public information 
Everyone can see this information.

Subscribers