ELA-87-1 bind9 security update

fix issues in zone transfer and key handling

Related CVE CVE-2018-5745 CVE-2019-6465

Two issues have been found in bind9, the Internet Domain Name Server.

CVE-2019-6465: Zone transfer for DLZs are executed though not permitted by ACLs.

CVE-2018-5745: Avoid assertion and thus causing named to deliberately exit when a trust anchor’s key is replaced with a key which uses an unsupported algorithm.

For Debian 7 Wheezy, these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u22.

We recommend that you upgrade your bind9 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/