-2

I have received the below vulnerabilities advisory for my Ubuntu 20 servers installed with bind9. The existing version is BIND 9.16.1-Ubuntu (Stable Release) and upgrade it to the latest. The latest bind9 in Ubuntu 20 is the same. Any thoughts and updates?

| CVE ID | Vulnerability Name | Affected Products |
|---|---|---|
| CVE-2021-25220 | DNS forwarders - cache poisoning vulnerability | BIND 9.11.0 -> 9.11.36; 9.12.0 -> 9.16.26; 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1 |
| CVE-2022-0396 | DoS from specifically crafted TCP packets | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition |
| CVE-2022-0635 | DNAME insist with synth-from-dnssec enabled | BIND 9.18.0 |
| CVE-2022-0667 | Assertion failure on delayed DS lookup | BIND 9.18.0 |
sahir k

1 Answer

4

When speaking about vulnerabilities and asking questions, it's incredibly important that you be specific when referring to versions of software, like you are with BIND and the CVEs. There is no "Ubuntu 20". There is "Ubuntu Server 20.04", "Ubuntu Desktop 20.04", "Ubuntu Core 20", and "Ubuntu Server 20.10".

With regards to the status of updates, you can always follow these via the CVE page on the Ubuntu Security website.

With regards to your specific questions for the 20.04 versions:

| CVE | TL;DR |
|---|---|
| CVE-2021-25220 | Resolved (As of March 16, 2022) |
| CVE-2022-0396 | Not Vulnerable (Only affects 9.16.11 or higher) |
| CVE-2022-0635 | Not Vulnerable (Only affects 9.18.0) |
| CVE-2022-0667 | Not Vulnerable (Only affects 9.18.0) |
matigo
  • Thanks for the update matigo. Yes, I did not give the full version; it is "Ubuntu 20.04.4 LTS". – sahir k Mar 22 '22 at 07:20
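The triage in the answer can be reproduced by comparing the upstream version number against the advisory's affected ranges. The following is an added example, not part of the original question or answer: the function names are hypothetical, the ranges are transcribed from the advisory table in the question, and the Supported Preview Edition (-S) ranges are left out. An in-range result only means the distribution's CVE page has to be checked for a patched package, as with CVE-2021-25220 above.

```python
import re

# Affected mainline ranges (inclusive), transcribed from the advisory table
# in the question. Supported Preview Edition (-S) ranges are omitted here.
ADVISORY = {
    "CVE-2021-25220": [("9.11.0", "9.11.36"), ("9.12.0", "9.16.26"), ("9.17.0", "9.18.0")],
    "CVE-2022-0396": [("9.16.11", "9.16.26"), ("9.17.0", "9.18.0")],
    "CVE-2022-0635": [("9.18.0", "9.18.0")],
    "CVE-2022-0667": [("9.18.0", "9.18.0")],
}


def upstream_version(text):
    """Extract the numeric upstream version, e.g. (9, 16, 1), from a
    version string or a banner such as 'BIND 9.16.1-Ubuntu (Stable Release)'."""
    match = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def in_upstream_range(version, cve):
    """True if the upstream version lies inside any affected range for the CVE.

    Versions are compared as integer tuples. Comparing them as strings would
    place '9.16.2' inside '9.16.11' -> '9.16.26', which is wrong.
    """
    v = upstream_version(version)
    return any(
        upstream_version(low) <= v <= upstream_version(high)
        for low, high in ADVISORY[cve]
    )


def triage(version):
    """Map each CVE in the advisory to whether the upstream version is in range."""
    return {cve: in_upstream_range(version, cve) for cve in ADVISORY}


if __name__ == "__main__":
    banner = "BIND 9.16.1-Ubuntu (Stable Release)"  # version string from the question
    for cve, hit in triage(banner).items():
        status = "in range: check the distro CVE page for a patched package" if hit \
            else "outside affected upstream range"
        print(f"{cve}: {status}")
```
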