* New upstream release 9.18.21 (LP: #2040359)
- Updates:
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and 2801:1b8:10::b.
+ Honor nsupdate -v option when server command specified by sending both
the UPDATE request and the initial query over TCP.
+ Mark cookie-algorithm aes as deprecated, use SipHash-2-4, instead.
+ Mark resolver-nonbackoff-tries and resolver-retry-interval as
deprecated.
+ Mark dnssec-must-be-secure as deprecated.
- Bug Fixes:
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritative data into account when looking up stale cache
data.
+ Fix use of named -X and lock-file at the same time.
+ Fix improper lock-file removal.
+ Fix bound checking in Content-Length header in the statistics channel.
+ Fix memory leaks from not clearing the OpenSSL error stack.
+ Fix SERVFAIL responses from introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs update policies.
+ Fix stale-refresh-time feature being disabled by cache flush.
+ Fix DNS message corruption from partial writes.
- See https://bind9.readthedocs.io/en/v9.18.21/notes.html for additional
information
* d/p/CVE-2023-3341.patch, d/p/CVE-2023-4236.patch: Remove - fixed by
upstream in version 9.18.19
* d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
standard library stdatomic.h
-- Lena Voytek <email address hidden> Thu, 25 Jan 2024 08:37:15 -0700
This bug was fixed in the package bind9 - 1:9.18.21-0ubuntu1
--------------- 21-0ubuntu1) noble; urgency=medium
bind9 (1:9.18.
* New upstream release 9.18.21 (LP: #2040359)
2801:1b8: 10::b. nonbackoff- tries and resolver- retry-interval as must-be- secure as deprecated. self-rhs and
ms-subdomain- self-rhs update policies. /bind9. readthedocs. io/en/v9. 18.21/notes. html for additional 2023-3341. patch, d/p/CVE- 2023-4236. patch: Remove - fixed by use-standard- library- stdatomic. patch: Maintain use of the
- Updates:
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
+ Honor nsupdate -v option when server command specified by sending both
the UPDATE request and the initial query over TCP.
+ Mark cookie-algorithm aes as deprecated, use SipHash-2-4, instead.
+ Mark resolver-
deprecated.
+ Mark dnssec-
- Bug Fixes:
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritative data into account when looking up stale cache
data.
+ Fix use of named -X and lock-file at the same time.
+ Fix improper lock-file removal.
+ Fix bound checking in Content-Length header in the statistics channel.
+ Fix memory leaks from not clearing the OpenSSL error stack.
+ Fix SERVFAIL responses from introduction of krb5-subdomain-
+ Fix stale-refresh-time feature being disabled by cache flush.
+ Fix DNS message corruption from partial writes.
- See https:/
information
* d/p/CVE-
upstream in version 9.18.19
* d/p/always-
standard library stdatomic.h
-- Lena Voytek <email address hidden> Thu, 25 Jan 2024 08:37:15 -0700