Stay Secure with the Latest Linux Advisories

security advisorydenial of serviceUbuntu

Ubuntu 20.04 LTS: USN-4468-1 Critical: Bind Denial Of Service Risks

Several security issues were fixed in Bind.. =========================================================================Ubuntu Security Notice USN-4468-1 August 21, 2020 bind9 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Bind. Software Description: - bind9: Internet Domain Name Server Details: Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8620) Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8621) Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8622) Lyu Chiy discovered that Bind incorrectly handled certain queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8623) Joop Boonen discovered that Bind incorrectly handled certain subdomain update-policy rules. A remote attacker granted privileges to change certain parts of a zone could use this issue to change other contents of the zone, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8624) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: bind9 1:9.16.1-0ubuntu2.3 Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.13 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.17 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4468-1 CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624 Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.3 https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.13 https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.17 . A new security advisory for Ubuntu highlights vulnerabilities in bind9 affecting multiple LTS releases and provides effective measures for remediation. Ubuntu Bind9 Security Advisory, Denial of Service, Update Instructions, BIND Vulnerabilities, Ubuntu LTS Security. . Severity: Critical. LinuxSecurity.com Team

Aug 21, 2020 •Critical Ubuntu