Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 1 Nov 2016 15:06:29 -0500
From: ISC Security Officer <security-officer@....org>
To: oss-security@...ts.openwall.com
Cc: ISC Security Officer <security-officer@....org>
Subject: BIND9 CVE-2016-8864: A problem handling responses containing a
 DNAME,answer can lead to an assertion failure

Please be advised that ISC publicly announced a vulnerability in the
BIND 9 software.

CVE-2016-8864 is a denial-of-service vector which can potentially be
exploited against BIND 9 servers.  All versions prior to the current
releases are vulnerable.

Our full CVE text can be found at https://kb.isc.org/article/AA-01434/0

New releases of BIND, including security fixes for this vulnerability,
are available at: www.isc.org/downloads/

Release notes can be obtained using the following links:

ftp://ftp.isc.org/isc/bind9/9.9.9-P4/
ftp://ftp.isc.org/isc/bind9/9.10.4-P4/
ftp://ftp.isc.org/isc/bind9/9.11.0-P1/

-- 
Brian Conry
ISC Support
Acting Security Officer





Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.