When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "bind9", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-dbgsym", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-dev", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-dnsutils", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-dnsutils-dbgsym", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-doc", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-host", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-host-dbgsym", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-libs", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-libs-dbgsym", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-utils", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9-utils-dbgsym", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "bind9utils", "binary_version": "1:9.20.4-3ubuntu1.1" }, { "binary_name": "dnsutils", "binary_version": "1:9.20.4-3ubuntu1.1" } ] }