Date: Wed, 24 Apr 2019 22:55:00 -0800
From: Michael McNally <mcnally@....org>
To: oss-security@...ts.openwall.com
Subject: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)

Today ISC disclosed two vulnerabilities affecting BIND as well as
a third vulnerability which affects *only* BIND Supported Preview
Edition (a special feature-preview version of BIND provided to ISC
support customers.)

Information about the vulnerabilities can be found in the ISC
Knowledge Base:

   CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
   https://kb.isc.org/docs/cve-2018-5743

   CVE-2019-6467: An error in the nxdomain redirect feature can cause
   BIND to exit with an INSIST assertion failure in query.c
   https://kb.isc.org/docs/cve-2019-6467

   CVE-2019-6468: BIND Supported Preview Edition can exit with an
   assertion failure if nxdomain-redirect is used
   https://kb.isc.org/docs/cve-2019-6468

New releases of BIND have been issued to fix the vulnerabilities
above. They may be downloaded from the ISC website:
https://www.isc.org/downloads

   - 9.11.6-P1
   - 9.12.4-P1
   - 9.14.1

With the public disclosure of these vulnerabilities, parties which
had been given advance notice concerning them are released from
non-disclosure and packagers and redistributors are encouraged to
publish updated packages containing fixes.

If you have additional questions, please direct them to
security-officer@....org

Thank you,

Michael McNally
ISC Security Officer