Security vulnerabilities in the bind9 software package

==========================================================================
Ubuntu Security Notice USN-4365-2
May 20, 2020

bind9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Bind.

Software Description:
- bind9: Internet Domain Name Server

Details:

USN-4365-1 fixed several vulnerabilities in Bind. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind
incorrectly limited certain fetches. A remote attacker could possibly use
this issue to cause Bind to consume resources, leading to a denial of
service, or possibly use Bind to perform a reflection attack.
(CVE-2020-8616)

Tobias Klein discovered that Bind incorrectly handled checking TSIG
validity. A remote attacker could use this issue to cause Bind to crash,
resulting in a denial of service, or possibly perform other attacks.
(CVE-2020-8617)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
bind9 1:9.9.5.dfsg-3ubuntu0.19+esm2

Ubuntu 12.04 ESM:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.30

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4365-2
https://usn.ubuntu.com/4365-1
CVE-2020-8616, CVE-2020-8617