Debian Security Advisory
DSA-4440-1 bind9 -- security update
- Date Reported:
- 09 May 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-5743, CVE-2018-5745, CVE-2019-6465.
- More information:
Multiple vulnerabilities were found in the BIND DNS server:
Connection limits were incorrectly enforced.
The "managed-keys" feature was susceptible to denial of service by triggering an assert.
ACLs for zone transfers were incorrectly enforced for dynamically loadable zones (DLZs).
For the stable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u5.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9