Date: Wed, 2 Sep 2015 22:52:30 +0200
From: ISC Security Officer <security-officer@....org>
To: oss-security@...ts.openwall.com
Cc: ISC Security Officer <security-officer@....org>
Subject: Two new vulnerabilities in BIND: CVE-2015-5722 and CVE-2015-5986 are now public

Please be advised that ISC publicly announced two critical
vulnerabilities in BIND:

+ CVE-2015-5722 is a denial-of-service vector which can be
  exploited remotely against a BIND server that is performing
  validation on DNSSEC-signed records. All versions of BIND
  since 9.0.0 are vulnerable.
  https://kb.isc.org/article/AA-01287

+ CVE-2015-5986 is a denial-of-service vector which can be
  used against a BIND server that is performing recursion and
  (under limited conditions) an authoritative-only nameserver.
  Versions of BIND since 9.9.7 and 9.10.2 are vulnerable.
  https://kb.isc.org/article/AA-01291

New releases of BIND, including security fixes for these
vulnerabilities, are available:

  ftp://ftp.isc.org/isc/bind9/9.10.3rc1/RELEASE-NOTES.bind-9.10.3rc1.html
  ftp://ftp.isc.org/isc/bind9/9.9.8rc1/RELEASE-NOTES.bind-9.9.8rc1.html
  ftp://ftp.isc.org/isc/bind9/9.10.2-P4/RELEASE-NOTES.bind-9.10.2-P4.html
  ftp://ftp.isc.org/isc/bind9/9.9.7-P3/RELEASE-NOTES.bind-9.9.7-P3.html

Marcin Siodelski
(as ISC Security Officer)

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)