Ubuntu 3893-1: Bind vulnerabilities

    Date22 Feb 2019
    CategoryUbuntu
    2256
    Posted ByLinuxSecurity Advisories
    Several security issues were fixed in Bind.
    ==========================================================================
    Ubuntu Security Notice USN-3893-1
    February 22, 2019
    
    bind9 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 18.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    - Ubuntu 14.04 LTS
    
    Summary:
    
    Several security issues were fixed in Bind.
    
    Software Description:
    - bind9: Internet Domain Name Server
    
    Details:
    
    Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A
    remote attacker could possibly use this issue to cause Bind to consume
    resources, leading to a denial of service. This issue only affected Ubuntu
    18.04 LTS and Ubuntu 18.10. (CVE-2018-5744)
    
    It was discovered that Bind incorrectly handled certain trust anchors when
    used with the "managed-keys" feature. A remote attacker could possibly use
    this issue to cause Bind to crash, resulting in a denial of service.
    (CVE-2018-5745)
    
    It was discovered that Bind incorrectly handled certain controls for zone
    transfers, contrary to expectations. (CVE-2019-6465)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 18.10:
      bind9                           1:9.11.4+dfsg-3ubuntu5.1
    
    Ubuntu 18.04 LTS:
      bind9                           1:9.11.3+dfsg-1ubuntu1.5
    
    Ubuntu 16.04 LTS:
      bind9                           1:9.10.3.dfsg.P4-8ubuntu1.12
    
    Ubuntu 14.04 LTS:
      bind9                           1:9.9.5.dfsg-3ubuntu0.19
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      https://usn.ubuntu.com/usn/usn-3893-1
      CVE-2018-5744, CVE-2018-5745, CVE-2019-6465
    
    Package Information:
      https://launchpad.net/ubuntu/+source/bind9/1:9.11.4+dfsg-3ubuntu5.1
      https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.5
      https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.12
      https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.19
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Have you used our RSS feeds?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    21
    radio
    [{"id":"77","title":"Yes, for articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"78","title":"Yes, for advisories","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"79","title":"Hybrid that contains both","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"80","title":"No","votes":"0","type":"x","order":"4","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.