1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Bind vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, November 21, 2019 18:00:07
    bind9 vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS

    Summary

    Bind could be made to consume resources if it received specially
    crafted network traffic.

    Software Description

    * bind9 - Internet Domain Name Server

    Details

    It was discovered that Bind incorrectly handled certain
    TCP-pipelined queries. A remote attacker could possibly use this
    issue to cause Bind to consume resources, resulting in a denial of
    service.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    bind9 - 1:9.11.5.P4+dfsg-5.1ubuntu2.1

    Ubuntu 19.04
    bind9 - 1:9.11.5.P1+dfsg-1ubuntu2.6

    Ubuntu 18.04 LTS
    bind9 - 1:9.11.3+dfsg-1ubuntu1.11

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-6477

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 24, 2020 12:10:08
    bind9 vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Bind could be made to crash if it received a specially crafted
    request.

    Software Description

    * bind9 - Internet Domain Name Server

    Details

    USN-4468-1 fixed a vulnerability in Bind. This update provides the
    corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

    Original advisory details:

    Dave Feldman, Jeff Warren, and Joel Cunningham discovered that
    Bind incorrectly handled certain truncated responses to a
    TSIG-signed request. A remote attacker could possibly use this
    issue to cause Bind to crash, resulting in a denial of service.
    (CVE-2020-8622)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    bind9 - 1:9.9.5.dfsg-3ubuntu0.19+esm3

    Ubuntu 12.04 ESM
    bind9 - 1:9.8.1.dfsg.P1-4ubuntu0.31

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4468-1
    * CVE-2020-8622

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)