Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 18.10, 18.04, 16.04: 3893-1 Moderate Bind Denial of Service

ubuntu
Calendar Grey February 22, 2019
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in Bind.

Summary

Several security issues were fixed in Bind.

Software Description:

- bind9: Internet Domain Name Server

Details:

Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A

remote attacker could possibly use this issue to cause Bind to consume

resources, leading to a denial of service. This issue only affected Ubuntu

18.04 LTS and Ubuntu 18.10. (CVE-2018-5744)

It was discovered that Bind incorrectly handled certain trust anchors when

used with the "managed-keys" feature. A remote attacker could possibly use

this issue to cause Bind to crash, resulting in a denial of service.

(CVE-2018-5745)

It was discovered that Bind incorrectly handled certain controls for zone

transfers, contrary to expectations. (CVE-2019-6465)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  bind9                           1:9.11.4+dfsg-3ubuntu5.1

Ubuntu 18.04 LTS:
  bind9                           1:9.11.3+dfsg-1ubuntu1.5

Ubuntu 16.04 LTS:
  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.12

Ubuntu 14.04 LTS:
  bind9                           1:9.9.5.dfsg-3ubuntu0.19

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3893-1

CVE-2018-5744, CVE-2018-5745, CVE-2019-6465

February 22, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here