Ubuntu Security Notice 5332-2 - USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results.
2f3ab2b25a5365754856567ac7615085ba1c28af5d61f95f915e56f92bb1c7d2
=========================================================================
Ubuntu Security Notice USN-5332-2
March 17, 2022
bind9 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Bind could be made to manipulate cache results.
Software Description:
- bind9: Internet Domain Name Server
Details:
USN-5332-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.19+esm2
Ubuntu 14.04 ESM:
bind9 1:9.9.5.dfsg-3ubuntu0.19+esm6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5332-2
https://ubuntu.com/security/notices/USN-5332-1
CVE-2021-25220