Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 20.04 ESM: USN-5765-1 High: OpenSSL Security Update

ubuntu
Calendar Grey November 29, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities in Bind addressed in Ubuntu 16.04 and 14.04, with potential denial of service threats outlined in security notification USN-5748-1.
Several security issues were fixed in Bind.

Summary

Several security issues were fixed in Bind.

Software Description:

- bind9: Internet Domain Name Server

Details:

It was discovered that Bind incorrectly handled large query name when using

lightweight resolver protocol. A remote attacker could use this issue to

consume resources, leading to a denial of service. (CVE-2016-2775)

It was discovered that Bind incorrectly handled large zone data size

received via AXFR response. A remote authenticated attacker could use this

issue to consume resources, leading to a denial of service. This issue only

affected Ubuntu 16.04 LTS. (CVE-2016-6170)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.19+esm5
  lwresd                          1:9.10.3.dfsg.P4-8ubuntu1.19+esm5

Ubuntu 14.04 ESM:
  bind9                           1:9.9.5.dfsg-3ubuntu0.19+esm9
  lwresd                          1:9.9.5.dfsg-3ubuntu0.19+esm9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5747-1

CVE-2016-2775, CVE-2016-6170

November 29, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.