Information on source package bind9

Available versions

ReleaseVersion
jessie1:9.9.5.dfsg-9+deb8u15
jessie (security)1:9.9.5.dfsg-9+deb8u18
stretch1:9.10.3.dfsg.P4-12.3+deb9u4
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u5
buster1:9.11.5.P4+dfsg-5.1
bullseye1:9.11.5.P4+dfsg-5.1
sid1:9.11.5.P4+dfsg-5.1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-5740fixedvulnerable (no DSA, postponed)fixedfixedfixed"deny-answer-aliases" is a little-used feature intended to help recurs ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-5741vulnerablevulnerablefixedfixedfixedTo provide fine-grained controls over the ability to use Dynamic DNS ( ...
CVE-2016-6170vulnerablevulnerablefixedfixedfixedISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...

Resolved issues

BugDescription
CVE-2019-6471A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
CVE-2019-6469
CVE-2019-6468
CVE-2019-6467An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
CVE-2019-6465Zone transfer controls for writable DLZ zones were not effective
CVE-2018-5745An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
CVE-2018-5744A specially crafted packet can cause named to leak memory
CVE-2018-5743Limiting simultaneous TCP clients is ineffective
CVE-2018-5742Crash from assertion error when debug log level is 10 and log entries meet buffer boundary
CVE-2018-5738Change #4777 (introduced in October 2017) introduced an unforeseen iss ...
CVE-2018-5737A problem with the implementation of the new serve-stale feature in BI ...
CVE-2018-5736An error in zone database reference counting can lead to an assertion ...
CVE-2018-5735assertion failure in validator.c:1858
CVE-2018-5734While handling a particular type of malformed packet BIND erroneously ...
CVE-2017-3145BIND was improperly sequencing cleanup operations on upstream recursio ...
CVE-2017-3143An attacker who is able to send and receive messages to an authoritati ...
CVE-2017-3142An attacker who is able to send and receive messages to an authoritati ...
CVE-2017-3141The BIND installer on Windows uses an unquoted service path which can ...
CVE-2017-3140If named is configured to use Response Policy Zones (RPZ) an error pro ...
CVE-2017-3139A denial of service flaw was found in the way BIND handled DNSSEC vali ...
CVE-2017-3138named contains a feature which allows operators to issue commands to a ...
CVE-2017-3137Mistaken assumptions about the ordering of records in the answer secti ...
CVE-2017-3136A query with a specific set of characteristics could cause a server us ...
CVE-2017-3135Under some conditions when using both DNS64 and RPZ to rewrite query r ...
CVE-2016-9778An error in handling certain queries can cause an assertion failure wh ...
CVE-2016-9444named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...
CVE-2016-9147named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...
CVE-2016-9131named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...
CVE-2016-8864named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9. ...
CVE-2016-2848ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remo ...
CVE-2016-2776buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4- ...
CVE-2016-2775ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x befo ...
CVE-2016-2088resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ...
CVE-2016-1286named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allo ...
CVE-2016-1285named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does ...
CVE-2016-1284rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9. ...
CVE-2015-8705buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logg ...
CVE-2015-8704apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.1 ...
CVE-2015-8461Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P ...
CVE-2015-8000db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3 ...
CVE-2015-5986openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x ...
CVE-2015-5722buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9. ...
CVE-2015-5477named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allo ...
CVE-2015-4620name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9. ...
CVE-2015-1349named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x befor ...
CVE-2014-8680The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remot ...
CVE-2014-8500ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...
CVE-2014-3859libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...
CVE-2014-3214The prefetch implementation in named in ISC BIND 9.10.0, when a recurs ...
CVE-2014-0591The query_findclosestnsec3 function in query.c in named in ISC BIND 9. ...
CVE-2013-6230The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ...
CVE-2013-4854The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...
CVE-2013-3919resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, a ...
CVE-2013-2266libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...
CVE-2012-5689ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...
CVE-2012-5688ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 i ...
CVE-2012-5166ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9. ...
CVE-2012-4244ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9. ...
CVE-2012-3868Race condition in the ns_client structure management in ISC BIND 9.9.x ...
CVE-2012-3817ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ...
CVE-2012-1667ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9. ...
CVE-2012-1033The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server n ...
CVE-2011-4313query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9 ...
CVE-2011-2465Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ...
CVE-2011-2464Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9. ...
CVE-2011-1910Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x befor ...
CVE-2011-1907ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...
CVE-2011-0414ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative s ...
CVE-2010-3762ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...
CVE-2010-3615named in ISC BIND 9.7.2-P2 does not check all intended locations for a ...
CVE-2010-3614named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...
CVE-2010-3613named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, an ...
CVE-2010-0382ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...
CVE-2010-0290Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...
CVE-2010-0218ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ...
CVE-2010-0213BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trus ...
CVE-2010-0097ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...
CVE-2009-4022Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...
CVE-2009-0696The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 befo ...
CVE-2009-0265Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not prop ...
CVE-2009-0025BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ...
CVE-2008-4163Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9. ...
CVE-2008-1447The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...
CVE-2008-0122Off-by-one error in the inet_network function in libbind in ISC BIND 9 ...
CVE-2007-6283Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ...
CVE-2007-2926ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...
CVE-2007-2925The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ...
CVE-2007-2241Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ...
CVE-2007-0494ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ...
CVE-2007-0493Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...
CVE-2006-4096BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...
CVE-2006-4095BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...
CVE-2006-2073Unspecified vulnerability in ISC BIND allows remote attackers to cause ...
CVE-2006-0987The default configuration of ISC BIND before 9.4.1-P1, when configured ...
CVE-2005-0364Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.1 ...
CVE-2005-0034An "incorrect assumption" in the authvalidated validator function in B ...
CVE-2002-2211BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...
CVE-2002-1221BIND 8.x through 8.3.3 allows remote attackers to cause a denial of se ...
CVE-2002-1220BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...
CVE-2002-1219Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...
CVE-2002-0029Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 th ...

Security announcements

DSA / DLADescription
DLA-1859-1bind9 - security update
DSA-4440-1bind9 - security update
DLA-1697-1bind9 - security update
DLA-1485-1bind9 - security update
DLA-1285-1bind9 - security update
DLA-1255-1bind9 - security update
DSA-4089-1bind9 - security update
DSA-4089-1bind9 - security update
DLA-1025-2bind9 - regression update
DSA-3904-2bind9 - regression update
DSA-3904-2bind9 - regression update
DLA-1025-1bind9 - security update
DSA-3904-1bind9 - security update
DSA-3904-1bind9 - security update
DLA-957-1bind9 - security update
DSA-3854-1bind9 - security update
DLA-843-1bind9 - security update
DSA-3795-1bind9 - security update
DLA-805-1bind9 - security update
DSA-3758-1bind9 - security update
DLA-696-1bind9 - security update
DSA-3703-1bind9 - security update
DLA-672-1bind9 - security update
DLA-645-1bind9 - security update
DSA-3680-1bind9 - security update
DSA-3511-1bind9 - security update
DSA-3511-1bind9 - security update
DSA-3449-1bind9 - security update
DSA-3449-1bind9 - security update
DLA-396-1bind9 - security update
DLA-370-1bind9 - security update
DSA-3420-1bind9 - security update
DSA-3420-1bind9 - security update
DLA-308-1bind9 - security update
DSA-3350-1bind9 - security update
DSA-3350-1bind9 - security update
DSA-3319-1bind9 - security update
DSA-3319-1bind9 - security update
DLA-285-1bind9 - security update
DLA-270-1bind9 - security update
DSA-3304-1bind9 - security update
DSA-3304-1bind9 - security update
DLA-163-1bind9 - security update
DSA-3162-1bind9 - security update
DLA-112-1bind9 - security update
DSA-3094-1bind9 - security update
DSA-3023-1bind9 - security update
DLA-48-1bind9 - security update
DSA-2728-1bind9 - denial of service
DSA-2728-1bind9 - denial of service
DSA-2656-1bind9 - denial of service
DSA-2560-1bind9 - denial of service
DSA-2547-1bind9 - improper assert
DSA-2517-1bind9 - denial of service
DSA-2486-1bind9 - denial of service
DSA-2347-1bind9 - improper assert
DSA-2347-1bind9 - improper assert
DSA-2272-1bind9 - denial of service
DSA-2272-1bind9 - denial of service
DSA-2244-1bind9 - wrong boundary condition
DSA-2244-1bind9 - wrong boundary condition
DSA-2208-1bind9 - denial of service
DSA-2130-1bind9 - denial of service
DSA-2054-1bind9 - cache poisoning
DSA-1961-1bind9 - cache poisoning
DSA-1961-1bind9 - cache poisoning
DSA-1847-1bind9 - denial of service
DSA-1847-1bind9 - denial of service
DSA-1703-1bind9 - cryptographic weakness
DSA-1603-1bind9 - cache poisoning
DSA-1341-2bind9 - DNS cache poisoning vulnerability
DSA-1341-2bind9 - DNS cache poisoning vulnerability
DSA-1254-1bind9
DSA-1172-1bind9 - programming error

Search for package or bug name: Reporting problems