USN-4929-1

Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25214)

Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25215)

It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25216)

References

Affected packages

Ubuntu:16.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.10.3.dfsg.P4-8ubuntu1.19?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.10.3.dfsg.P4-8ubuntu1.19

Affected versions

1:9.*

1:9.9.5.dfsg-11ubuntu1

1:9.9.5.dfsg-12

1:9.9.5.dfsg-12.1

1:9.9.5.dfsg-12.1ubuntu1

1:9.10.3.dfsg.P2-4

1:9.10.3.dfsg.P2-5

1:9.10.3.dfsg.P4-3

1:9.10.3.dfsg.P4-4

1:9.10.3.dfsg.P4-5

1:9.10.3.dfsg.P4-8

1:9.10.3.dfsg.P4-8ubuntu1

1:9.10.3.dfsg.P4-8ubuntu1.1

1:9.10.3.dfsg.P4-8ubuntu1.2

1:9.10.3.dfsg.P4-8ubuntu1.3

1:9.10.3.dfsg.P4-8ubuntu1.4

1:9.10.3.dfsg.P4-8ubuntu1.5

1:9.10.3.dfsg.P4-8ubuntu1.6

1:9.10.3.dfsg.P4-8ubuntu1.7

1:9.10.3.dfsg.P4-8ubuntu1.8

1:9.10.3.dfsg.P4-8ubuntu1.9

1:9.10.3.dfsg.P4-8ubuntu1.10

1:9.10.3.dfsg.P4-8ubuntu1.11

1:9.10.3.dfsg.P4-8ubuntu1.12

1:9.10.3.dfsg.P4-8ubuntu1.14

1:9.10.3.dfsg.P4-8ubuntu1.15

1:9.10.3.dfsg.P4-8ubuntu1.16

1:9.10.3.dfsg.P4-8ubuntu1.17

1:9.10.3.dfsg.P4-8ubuntu1.18

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "bind9",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "bind9-host",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "bind9utils",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "dnsutils",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "host",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libbind-dev",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libbind-export-dev",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libbind9-140",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libdns-export162",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libdns162",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libirs-export141",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libirs141",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libisc-export160",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libisc160",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libisccc-export140",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libisccc140",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libisccfg-export140",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "libisccfg140",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "liblwres141",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        },
        {
            "binary_name": "lwresd",
            "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.19"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25214"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25215"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25216"
        }
    ],
    "ecosystem": "Ubuntu:16.04:LTS"
}

Ubuntu:18.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.11.3+dfsg-1ubuntu1.15?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.11.3+dfsg-1ubuntu1.15

Affected versions

1:9.*

1:9.10.3.dfsg.P4-12.6ubuntu1

1:9.11.2.P1-1ubuntu2

1:9.11.2.P1-1ubuntu3

1:9.11.2.P1-1ubuntu4

1:9.11.2.P1-1ubuntu5

1:9.11.3+dfsg-1ubuntu1

1:9.11.3+dfsg-1ubuntu1.1

1:9.11.3+dfsg-1ubuntu1.2

1:9.11.3+dfsg-1ubuntu1.3

1:9.11.3+dfsg-1ubuntu1.5

1:9.11.3+dfsg-1ubuntu1.7

1:9.11.3+dfsg-1ubuntu1.8

1:9.11.3+dfsg-1ubuntu1.9

1:9.11.3+dfsg-1ubuntu1.10

1:9.11.3+dfsg-1ubuntu1.11

1:9.11.3+dfsg-1ubuntu1.12

1:9.11.3+dfsg-1ubuntu1.13

1:9.11.3+dfsg-1ubuntu1.14

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "bind9",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "bind9-host",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "bind9utils",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "dnsutils",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libbind-dev",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libbind-export-dev",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libbind9-160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libdns-export1100",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libdns1100",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libirs-export160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libirs160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libisc-export169",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libisc169",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libisccc-export160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libisccc160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libisccfg-export160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "libisccfg160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        },
        {
            "binary_name": "liblwres160",
            "binary_version": "1:9.11.3+dfsg-1ubuntu1.15"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25214"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25215"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25216"
        }
    ],
    "ecosystem": "Ubuntu:18.04:LTS"
}

Ubuntu:20.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.16.1-0ubuntu2.8?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.16.1-0ubuntu2.8

Affected versions

1:9.*

1:9.11.5.P4+dfsg-5.1ubuntu2

1:9.11.5.P4+dfsg-5.1ubuntu3

1:9.11.5.P4+dfsg-5.1ubuntu4

1:9.11.5.P4+dfsg-5.1ubuntu5

1:9.11.14+dfsg-1ubuntu1

1:9.11.14+dfsg-3ubuntu1

1:9.16.0-1ubuntu3

1:9.16.0-1ubuntu4

1:9.16.0-1ubuntu5

1:9.16.1-0ubuntu1

1:9.16.1-0ubuntu2

1:9.16.1-0ubuntu2.1

1:9.16.1-0ubuntu2.2

1:9.16.1-0ubuntu2.3

1:9.16.1-0ubuntu2.4

1:9.16.1-0ubuntu2.6

1:9.16.1-0ubuntu2.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "bind9",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        },
        {
            "binary_name": "bind9-dnsutils",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        },
        {
            "binary_name": "bind9-host",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        },
        {
            "binary_name": "bind9-libs",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        },
        {
            "binary_name": "bind9-utils",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        },
        {
            "binary_name": "bind9utils",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        },
        {
            "binary_name": "dnsutils",
            "binary_version": "1:9.16.1-0ubuntu2.8"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25214"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25215"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2021-25216"
        }
    ],
    "ecosystem": "Ubuntu:20.04:LTS"
}