Date: Wed, 24 Apr 2019 22:55:00 -0800 From: Michael McNally <mcnally@....org> To: oss-security@...ts.openwall.com Subject: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Today ISC disclosed two vulnerabilities affecting BIND as well as a third vulnerability which affects *only* BIND Supported Preview Edition (a special feature-preview version of BIND provided to ISC support customers.) Information about the vulnerabilities can be found in the ISC Knowledge Base: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective https://kb.isc.org/docs/cve-2018-5743 CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c https://kb.isc.org/docs/cve-2019-6467 CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used https://kb.isc.org/docs/cve-2019-6468 New releases of BIND have been issued to fix the vulnerabilities above. They may be downloaded from the ISC website: https://www.isc.org/downloads - 9.11.6-P1 - 9.12.4-P1 - 9.14.1 With the public disclosure of these vulnerabilities, parties which had been given advance notice concerning them are released from non-disclosure and packagers and redistributors are encouraged to publish updated packages containing fixes. If you have additional questions, please direct them to security-officer@....org Thank you, Michael McNally ISC Security Officer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.