bind9 1:9.10.3.dfsg.P4-12.5ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1701687). Remaining changes:
    - Add RemainAfterExit to bind9-resolvconf unit configuration file
      (LP #1536181).
    - rules: Fix path to libsofthsm2.so. (LP #1685780)
  * Drop:
    - SECURITY UPDATE: denial of service via assertion failure
      + debian/patches/CVE-2016-2776.patch: properly handle lengths in
        lib/dns/message.c.
      + CVE-2016-2776
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via class mismatch
      + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
        records in lib/dns/resolver.c.
      + CVE-2016-9131
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
      + debian/patches/CVE-2016-9147.patch: fix logic when records are
        returned without the requested data in lib/dns/resolver.c.
      + CVE-2016-9147
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via unusually-formed DS record
      + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
        lib/dns/message.c, lib/dns/resolver.c.
      + CVE-2016-9444
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
        responses in lib/dns/resolver.c, added tests to
        bin/tests/system/dname/ns2/example.db,
        bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
      a NULL pointer
      + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
        combination in bin/named/query.c, lib/dns/message.c,
        lib/dns/rdataset.c.
      + CVE-2017-3135
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
        was still being cached when it should have been in lib/dns/resolver.c,
        added tests to bin/tests/system/dname/ans3/ans.pl,
        bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: Denial of Service due to an error handling
      synthesized records when using DNS64 with "break-dnssec yes;"
      + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
        called.
      + CVE-2017-3136
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
    - SECURITY UPDATE: Denial of Service due to resolver terminating when
      processing a response packet containing a CNAME or DNAME
      + debian/patches/CVE-2017-3137.patch: don't expect a specific
        ordering of answer components; add testcases.
      + CVE-2017-3137
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]
    - SECURITY UPDATE: Denial of Service when receiving a null command on
      the control channel
      + debian/patches/CVE-2017-3138.patch: don't throw an assert if no
        command token is given; add testcase.
      + CVE-2017-3138
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
    - SECURITY UPDATE: TSIG authentication issues
      + debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
        lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
      + CVE-2017-3142
      + CVE-2017-3143
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.4]
  * d/p/CVE-2016-8864-regression-test.patch: tests for the regression
    introduced with the CVE-2016-8864.patch and fixed in
    CVE-2016-8864-regression.patch.
  * d/p/CVE-2016-8864-regression2-test.patch: tests for the second
    regression (RT #44318) introduced with the CVE-2016-8864.patch
    and fixed in CVE-2016-8864-regression2.patch.
  * d/control, d/rules: add json support for the statistics channels.
    (LP: #1669193)

 -- Andreas Hasenack <email address hidden>  Fri, 11 Aug 2017 17:12:09 -0300

Upload details

Uploaded by:
Andreas Hasenack on 2017-08-16
Sponsored by:
Nish Aravamudan
Uploaded to:
Artful
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
bind9_9.10.3.dfsg.P4.orig.tar.gz 8.2 MiB 895077c868d06eea39c1526624f2278a3b51a3358b5aa50f48a0f1c16a7ab6e6
bind9_9.10.3.dfsg.P4-12.5ubuntu1.debian.tar.xz 87.6 KiB fc811c7ce7299ce9230ed580ba114b20fd2e2b6eb5ebe932ce660faba45d4ad2
bind9_9.10.3.dfsg.P4-12.5ubuntu1.dsc 3.5 KiB 6e42852d4621fcb4717c4a4e5fef27b36b0c2fde8c449811e92535881ad6c597

View changes file

Binary packages built by this source

bind9: Internet Domain Name Server

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package provides the server and related configuration files.

bind9-dbgsym: Debug symbols for bind9
bind9-doc: Documentation for BIND

 This package provides various documents that are useful for maintaining a
 working BIND installation.

bind9-host: Version of 'host' bundled with BIND 9.X

 This package provides the 'host' program in the form that is bundled with
 the BIND 9.X sources.

bind9-host-dbgsym: Debug symbols for bind9-host
bind9utils: Utilities for BIND

 This package provides various utilities that are useful for maintaining a
 working BIND installation.

bind9utils-dbgsym: Debug symbols for bind9utils
dnsutils: Clients provided with BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers various client programs related to DNS that are
 derived from the BIND source tree.
 .
  - dig - query the DNS in various ways
  - nslookup - the older way to do it
  - nsupdate - perform dynamic updates (See RFC2136)

dnsutils-dbgsym: Debug symbols for dnsutils
host: Transitional package

 This dummy package is provided for a smooth transition from the previous
 host package. It may safely be removed after installation.

libbind-dev: Static Libraries and Headers used by BIND

 This package delivers archive-style libraries, header files, and API man
 pages for libbind, libdns, libisc, and liblwres. These are only needed
 if you want to compile other packages that need more nameserver API than the
 resolver code provided in libc.

libbind-export-dev: Development files for the exported BIND libraries

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers development files for the exported BIND libraries.

libbind9-140: BIND9 Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libbind9 shared library used by BIND's daemons and
 clients.

libbind9-140-dbgsym: Debug symbols for libbind9-140
libdns-export162: Exported DNS Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libdns shared library.

libdns-export162-dbgsym: Debug symbols for libdns-export162
libdns-export162-udeb: Exported DNS library for debian-installer
libdns162: DNS Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libdns shared library used by BIND's daemons and
 clients.

libdns162-dbgsym: Debug symbols for libdns162
libirs-export141: Exported IRS Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libirs shared library.

libirs-export141-dbgsym: Debug symbols for libirs-export141
libirs-export141-udeb: Exported IRS library for debian-installer
libirs141: DNS Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libirs shared library used by BIND's daemons and
 clients.

libirs141-dbgsym: Debug symbols for libirs141
libisc-export160: Exported ISC Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libisc shared library.

libisc-export160-dbgsym: Debug symbols for libisc-export160
libisc-export160-udeb: Exported ISC library for debian-installer
libisc160: ISC Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisc shared library used by BIND's daemons and
 clients.

libisc160-dbgsym: Debug symbols for libisc160
libisccc-export140: Command Channel Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccc shared library used by BIND's daemons
 and clients, particularly rndc.

libisccc-export140-dbgsym: Debug symbols for libisccc-export140
libisccc-export140-udeb: Command Channel Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccc shared library used by BIND's daemons
 and clients, particularly rndc.

libisccc140: Command Channel Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccc shared library used by BIND's daemons
 and clients, particularly rndc.

libisccc140-dbgsym: Debug symbols for libisccc140
libisccfg-export140: Exported ISC CFG Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libisccfg shared library.

libisccfg-export140-dbgsym: Debug symbols for libisccfg-export140
libisccfg-export140-udeb: Exported ISC CFG library for debian-installer
libisccfg140: Config File Handling Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccfg shared library used by BIND's daemons
 and clients to read and write ISC-style configuration files like named.conf
 and rndc.conf.

libisccfg140-dbgsym: Debug symbols for libisccfg140
liblwres141: Lightweight Resolver Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the liblwres shared library used by BIND's daemons
 and clients.

liblwres141-dbgsym: Debug symbols for liblwres141
lwresd: Lightweight Resolver Daemon

 lwresd is the daemon providing name lookup services to clients that use
 the BIND 9 lightweight resolver library. It is essentially a stripped-
 down, caching-only name server that answers queries using the BIND 9
 lightweight resolver protocol rather than the DNS protocol.

lwresd-dbgsym: Debug symbols for lwresd