Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 29 Apr 2021 08:15:10 -0600 (MDT)
From: Ariadne Conill <ariadne@...eferenced.org>
To: oss-security@...ts.openwall.com
cc: Ariadne Conill <ariadne@...eferenced.org>, 
    "security-officer@....org" <security-officer@....org>
Subject: Re: ISC discloses three BIND vulnerabilities
 (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)

Hello,

On Thu, 29 Apr 2021, Ondřej Surý wrote:

> Hi Ariande,
>
> BIND 9.17.x was using the system SPNEGO since 9.17.2 (I think).
>
> Also for older versions, it should be enough to use --disable-isc-spnego if you can’t patch it (that’s what I am doing for Debian buster).  It just won’t work with Heimdal krb5, but it compiles just fine with MIT krb5.

Yeah, we've always built with --disable-isc-spnego, so no problem there.

I wound up just upgrading every branch still supportd to 9.16.15.  Seemed 
like the easiest way.

Ariadne

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.