Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 22.04 LTS USN-5626-1 Critical Bind DoS Issues Resolved

ubuntu
Calendar Grey September 21, 2022
Dist Ubuntu Esm H88
Multiple Bind vulnerabilities addressed in Ubuntu that could degrade system performance and pose risks of denial of service.
Several security issues were fixed in Bind.

Summary

Several security issues were fixed in Bind.

Software Description:

- bind9: Internet Domain Name Server

Details:

Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind

incorrectly handled large delegations. A remote attacker could possibly use

this issue to reduce performance, leading to a denial of service.

(CVE-2022-2795)

It was discovered that Bind incorrectly handled statistics requests. A

remote attacker could possibly use this issue to obtain sensitive memory

contents, or cause a denial of service. This issue only affected Ubuntu

22.04 LTS. (CVE-2022-2881)

It was discovered that Bind incorrectly handled memory when processing

certain Diffie-Hellman key exchanges. A remote attacker could use this

issue to consume resources, leading to a denial of service. This issue only

affected Ubuntu 22.04 LTS. (CVE-2022-2906)

Maksym Odinintsev discovered that Bind incorrectly handled answers from

cache when configured with a zero stale-answer-t...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  bind9                           1:9.18.1-1ubuntu1.2

Ubuntu 20.04 LTS:
  bind9                           1:9.16.1-0ubuntu2.11

Ubuntu 18.04 LTS:
  bind9                           1:9.11.3+dfsg-1ubuntu1.18

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5626-1

CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080,

CVE-2022-38177, CVE-2022-38178

Severity
critical
Lowest
Low
Medium
High
Critical

September 21, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.