← Back to team overview

freeipa team mailing list archive

[Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

 

This bug was fixed in the package bind9 - 1:9.18.12-0ubuntu0.22.04.1

---------------
bind9 (1:9.18.12-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream releases 9.18.2 - 9.18.12 (LP: #2003586)
    - Updates:
      + update-quota option
      + named -V shows supported cryptographic algorithms
      + Catalog Zones schema version 2 support in named
      + DNS error support Stale Answer and Stale NXDOMAIN Answer
      + Remote TLS certificate verification support
      + reusereport option
    - Bug Fixes Include:
      + Fix crash when using dig with +nssearch and +tcp (LP: #1258003)
      + Fix incomplete results using dig with +nssearch (LP: #1970252)
      + Fix loading of preinstalled plugins (LP: #2006972)
      + CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080,
        CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924,
        CVE-2022-1183
      + Fix thread safety in dns_dispatch
      + Fix ADB quota management in resolver
      + Fix Prohibited DNS error on allow-recursion
      + Fix crash when restarting server with active statschannel connection
      + Fix use after free for catalog zone processing
      + Fix leak of dns_keyfileio_t objects
      + Fix nslookup failure to use port option when record type ANY is used
      + Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on
      + Fix inheritance when setting remote server port
      + Fix assertion error when accessing statistics channel
      + Fix rndc dumpdb -expired for stuck cache
      + Fix check for other name servers after receiving FORMERR
      + Fix deletion of CDS after zone sign
      + Fix dighost query context management
      + Fix dig hanging due to IPv4 mapped IPv6 address
      + See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
        for additional bug fixes and information
  * Improve dep-8 test suite (LP: #2003584):
    - d/t/zonetest: Add dep8 test for checking the domain zone creation process
    - d/t/control: Add new test outline
  * d/bind9-doc.docs: Stop installing removed file doc/misc/options.active
  * Remove patches for bugs LP #1964400 and LP #1964686 fixed upstream:
    - lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv
    - lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the
    - lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo
    - lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh
    - lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe
    - lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC
    - lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-
  * Remove CVE patches fixed upstream:
    - debian/patches/CVE-2022-1183.patch
      [Included in upstream release 9.18.3]
    - debian/patches/CVE-2022-2795.patch
    - debian/patches/CVE-2022-2881.patch
    - debian/patches/CVE-2022-2906.patch
    - debian/patches/CVE-2022-3080.patch
    - debian/patches/CVE-2022-38178.patch
      [Included in upstream release 9.18.7]
    - debian/patches/CVE-2022-3094.patch
    - debian/patches/CVE-2022-3736.patch
    - debian/patches/CVE-2022-3924.patch
      [Included in upstream release 9.18.11]

 -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Wed, 08 Mar 2023 12:08:55
-0700

** Changed in: bind9 (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1183

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2795

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2881

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2906

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3080

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3094

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3736

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-38178

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3924

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.36

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  New
Status in bind9 source package in Focal:
  New
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12

  [Test Plan]

  DEP-8 Tests:

  simpletest - Confirms bind9 daemon starts successfully and dig can
  find 127.0.0.1 through the default setup of bind9

  zonetest - Added in this update, currently in lunar. Confirms the
  functionality of named and bind9 by creating a local DNS zone and
  domain, and having dig look it up

  validation - This test is provided by Debian and consistently fails
  both before and after the update due to several issues. It is marked
  as flaky, and does not block autopkgtest passing overall

  [Regression Potential]

  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with
  Ubuntu-specific integrations. Alternatively, regressions may arise for
  users due to behavior changes from the many bug fixes and minor
  feature updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2003586/+subscriptions