Date: Wed, 16 Oct 2019 13:05:58 -0500 From: ISC Security Officer <security-officer@....org> To: oss-security@...ts.openwall.com Cc: ISC Security Officer <security-officer@....org> Subject: BIND9 CVE-2019-6475 and CVE-2019-6476 Today (2019-10-16) ISC announced two vulnerabilities in our BIND 9 software. CVE-2019-6475, a DNSSEC validation bypass for mirror zones CVE-2019-6476, a flaw in QNAME minimization that can lead to an assertion failure. These issues affect all prior BIND 9.14 releases and all prior BIND 9.15 releases. Our full CVE text can be found at: https://kb.isc.org/docs/cve-2019-6475 https://kb.isc.org/docs/cve-2019-6476 New releases of BIND, including security fixes for this vulnerability, are available at: www.isc.org/downloads/ Release notes for the new versions can be obtained using the following links: https://downloads.isc.org/isc/bind9/9.15.5/RELEASE-NOTES-bind-9.15.5.html https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html -- Brian Conry ISC Support Acting Security Officer Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.