| Package | bind9 |
|---|---|
| Version | 1:9.9.5.dfsg-9+deb8u23 |
| Related CVEs | CVE-2021-25219 |
Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service (large delays for responses for client queries and DNS timeouts on client hosts).
For Debian 8 jessie, these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u23.
We recommend that you upgrade your bind9 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.