Debian 10230 Published by

A bind9 security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where crafted responses to TSIG-signed requests could lead to an assertion failure.



ELA-270-1 bind9 security update

Package bind9
Version 1:9.9.5.dfsg-9+deb8u20
Related CVEs CVE-2020-8622
Crafted responses to TSIG-signed requests could lead to an assertion failure, causing named, a Domain Name Server, to exit. This could be done by malicious server operators or guessing attackers.

For Debian 8 jessie, these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u20.

We recommend that you upgrade your bind9 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-270-1 bind9 security update