A bind9 security update has been released for Debian GNU/Linux 8 Extended LTS to address a regression introduced by a previous update.
ELA-599-1 bind9 security update
Package bind9
ELA-599-1 bind9 security update
Version 1:9.9.5.dfsg-9+deb8u27
Related CVEs CVE-2021-25220
It was found that bind9, an internet domain name server, was vulnerable to cache poisoning. When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers.
This update corrects the regression in the isc-dhcp package. [ELA-584-2]
For Debian 8 jessie, these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u27.
We recommend that you upgrade your bind9 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
