Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 8 Feb 2017 17:13:08 -0600
From: ISC Security Officer <>
Cc: ISC Security Officer <>
Subject: BIND9 CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash

Today ISC announced CVE-2017-3135, a denial-of-service vulnerability
that can affect resolvers using both DNS64 and RPZ to rewrite responses
for the same view.

This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases,
and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and
9.11.1b1 releases.

Our full CVE text can be found at

New releases of BIND, including security fixes for this vulnerability,
are available at:

Release notes can be obtained using the following links:

Brian Conry
ISC Support
Acting Security Officer

Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.