Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 16.04 ESM USN-5626-2: Critical Bind DoS Threats Resolved

ubuntu
Calendar Grey September 21, 2022
Dist Ubuntu Esm H88
Various vulnerabilities in Bind have been resolved, impacting Ubuntu 14.04 and 16.04 Extended Security Maintenance, regarding denial of service risks.
Several security issues were fixed in Bind.

Summary

Several security issues were fixed in Bind.

Software Description:

- bind9: Internet Domain Name Server

Details:

USN-5626-1 fixed several vulnerabilities in Bind. This update provides

the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind

incorrectly handled large delegations. A remote attacker could possibly use

this issue to reduce performance, leading to a denial of service.

(CVE-2022-2795)

It was discovered that Bind incorrectly handled memory when processing

ECDSA DNSSEC verification. A remote attacker could use this issue to

consume resources, leading to a denial of service. (CVE-2022-38177)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.19+esm3

Ubuntu 14.04 ESM:
  bind9                           1:9.9.5.dfsg-3ubuntu0.19+esm7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5626-2

https://ubuntu.com/security/notices/USN-5626-1

CVE-2022-2795, CVE-2022-38177

Severity
critical
Lowest
Low
Medium
High
Critical

September 21, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.