Date: Tue, 12 Jun 2018 16:07:30 -0800 From: ISC Security Officer <security-officer@....org> To: oss-security@...ts.openwall.com Subject: ISC has announced CVE-2018-5738, a defect in some versions of BIND Please be advised that ISC has publicly announced a vulnerability in some versions of BIND. CVE-2018-5738 is a medium severity vulnerability in which nameservers containing the previous change #4777 (from October 2017), if they are configured to permit recursive service to some clients, may because of this error improperly inherit the wrong default permission, causing the server to permit recursive service to ALL clients. Several workarounds are documented in the official security advisory document, which can be found in ISC's knowledge base: https://kb.isc.org/article/AA-01616/0/CVE-2018-5738 Michael McNally ISC Security Officer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ