CVE-2024-4076
Publication date 23 July 2024
Last updated 26 July 2024
Ubuntu priority
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| bind9 | 24.04 LTS noble |
Fixed 1:9.18.28-0ubuntu0.24.04.1
|
| 22.04 LTS jammy |
Fixed 1:9.18.28-0ubuntu0.22.04.1
|
|
| 20.04 LTS focal |
Fixed 1:9.18.28-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| bind9-libs | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| isc-dhcp | 24.04 LTS noble |
Needs evaluation
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
alexmurray
As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs
mdeslaur
in focal and jammy, isc-dhcp uses the bind9-libs package This is unlikely to affect isc-dhcp's use of bind9-libs and the vendored bind9 libs, marking as negligible This only affected 9.16.13 and higher.
References
Related Ubuntu Security Notices (USN)
- USN-6909-1
- Bind vulnerabilities
- 23 July 2024