Date: Thu, 20 Oct 2016 14:43:14 -0400
From: Michael McNally <mcnally@....org>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-2848 has been disclosed.

Last week we notified the related list, distros@...openwall.org,
about CVE-2016-2848, a vulnerability found in ISC BIND releases
produced before change #3548, which first appeared in May 2013.

Although all of ISC's BIND releases since that date have been immune
to the vulnerability, several OS distribution packagers were
maintaining BIND packages which were forked from ISC's
source line before that change and so we notified that
list to give packagers warning before our public disclosure of
the vulnerability.

As we previously announced it was our intention to do,
we have publicly disclosed CVE-2016-2848 today.

Since information concerning the vulnerability, including
a reproduction script, exists in a public bug repository,
we urge you to update vulnerable binary packages as soon
as possible.

Thank you.  The official copy of our vulnerability announcement
can be found here:  https://kb.isc.org/article/AA-01433/74/CVE-2016-2848

Michael McNally
ISC Security Officer


