Date: Thu, 20 Oct 2016 14:43:14 -0400 From: Michael McNally <mcnally@....org> To: oss-security@...ts.openwall.com Subject: CVE-2016-2848 has been disclosed. Last week we notified the related list, distros@...openwall.org, about CVE-2016-2848, a vulnerability found in ISC BIND releases produced before change #3548, which first appeared in May 2013. Although all of ISC's BIND releases since that date have been immune to the vulnerability, several OS distribution packagers were maintaining BIND packages which were forked from ISC's source line before that change and so we notified that list to give packagers warning before our public disclosure of the vulnerability. As we previously announced it was our intention to do, we have publicly disclosed CVE-2016-2848 today. Since information concerning the vulnerability, including a reproduction script, exists in a public bug repository we urge you to update vulnerable binary packages as soon as possible. Thank you. The official copy of our vulnerability announcement can be found here: https://kb.isc.org/article/AA-01433/74/CVE-2016-2848 Michael McNally ISC Security Officer [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ