Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 8 Feb 2017 17:13:08 -0600
From: ISC Security Officer <security-officer@....org>
To: oss-security@...ts.openwall.com
Cc: ISC Security Officer <security-officer@....org>
Subject: BIND9 CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash

Today ISC announced CVE-2017-3135, a denial-of-service vulnerability
that can affect resolvers using both DNS64 and RPZ to rewrite responses
for the same view.

This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases,
and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and
9.11.1b1 releases.

Our full CVE text can be found at https://kb.isc.org/article/AA-01453

New releases of BIND, including security fixes for this vulnerability,
are available at: www.isc.org/downloads/

Release notes can be obtained using the following links:

ftp://ftp.isc.org/isc/bind9/9.9.9-P6/
ftp://ftp.isc.org/isc/bind9/9.10.4-P6/
ftp://ftp.isc.org/isc/bind9/9.11.0-P3/
ftp://ftp.isc.org/isc/bind9/9.9.10rc1/
ftp://ftp.isc.org/isc/bind9/9.10.5rc1/
ftp://ftp.isc.org/isc/bind9/9.11.1rc1/

-- 
Brian Conry
ISC Support
Acting Security Officer




Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ