Headline
Ubuntu Security Notice USN-5429-1
Ubuntu Security Notice 5429-1 - Thomas Amgarten discovered that Bind incorrectly handled certain TLS connections being destroyed. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
==========================================================================Ubuntu Security Notice USN-5429-1May 18, 2022bind9 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Bind could be made to crash if it received specially crafted networktraffic.Software Description:- bind9: Internet Domain Name ServerDetails:Thomas Amgarten discovered that Bind incorrectly handled certain TLSconnections being destroyed. A remote attacker could possibly use thisissue to cause Bind to crash, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: bind9 1:9.18.1-1ubuntu1.1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5429-1 CVE-2022-1183Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.18.1-1ubuntu1.1Related news
CVE-2022-1183: CVE-2022-1183: Destroying a TLS session early causes assertion failure - Security Advisories
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.